Google Suspends Pinduoduo After Finding Malware in the App

BEIJING, March 22 (TMTPOST) – Google announced on Tuesday that it had removed Pinduoduo (NASDAQ: PDD) from its Play Store due to security concerns.

Google Play Protect detected malware in the Android version of Pinduoduo during a routine scan of the app store. As a precautionary measure, Google removed the app from its app store to ensure user safety. While the removal only affects downloads of the app from Google Play, it undoubtedly worsens the recent crisis of trust faced by Pinduoduo. Rumors have been spreading that the app exploited cell phone vulnerabilities to attack users.

In 2022, Google’s Project Zero released an analysis of exploits in the wild and warned that attackers were exploiting OME code vulnerabilities to gain unauthorized access to users’ devices. On February 28, security research institution DarkNavy reported that some internet vendors were secretly installing apps through illegitimate means, such as boosting their installed base, faking DAU/MAU numbers, attacking rival apps, stealing users’ private data, and evading privacy compliance regulations. At that time, rumors circulated that Pinduoduo was the target of the accusation, but neither the app nor the disclosing party has responded to these allegations.

According to a former mid-level employee of Pinduoduo, unlike many other apps,  users would frequently download, use, and uninstall and re-download it due to promotion activities. However, this model is facing challenges. With the introduction of laws like the Protection of Personal Information Act and app norms formulated by the Ministry of Industry and Information Technology, many practices that previously induced downloads are now identified as forced downloads and are subject to policy crackdowns. As a result, Pinduoduo needs more stable downloads. In Q4 2022, the app reported lower-than-expected revenue and net profit, sending the stock price falling.

This is not the first time that Pinduoduo has been criticized for engaging in “shady operations” on users’ cell phones. In January 2021, an app user posted a video claiming that the app deleted albums and videos from the phone without permission. The topic “Photos were deleted remotely by the Pinduoduo app” quickly went viral on Weibo. Pinduoduo responded by stating that the photos deleted were cached pictures saved in the album during a customer service chat, but did not explain why it had the authority to delete pictures from mobile albums. In 2021, a former employee who joined Pinduoduo during its early stage said that he was suddenly notified that his contract would not be renewed immediately before his labor contract expired in 2021. He believes that one of the reasons for the termination was his repeated refusal to provide illegal technical services to the company since 2019. His team was also disbanded before he was notified of the non-renewal of his contract.

更多精彩内容，关注钛媒体微信号（ID：taimeiti），或者下载钛媒体App

​Read More