NewsNationalScripps News


Is Temu safe? Lawsuit claims app hacks 'literally everything'

Temu is one of the most popular apps, but issues surround it, including a lawsuit that says it has access to "literally everything" on users' devices.
Is Temu safe? Lawsuit claims app hacks 'literally everything'
Posted at 9:08 PM, Feb 12, 2024

If you paid attention to Super Bowl commercials Sunday, you surely couldn't have missed the multitude of ads for Temu.

The Chinese-backed e-commerce platform aired three commercials during the big game and two that played after, likely costing upwards of $30 million in total for the coveted — yet wildly expensive — broadcast slots. Yet the investment appears to have reaped gains already, with the Temu app ranking second in Apple's chart of most downloaded free apps Monday.

But while Temu promises that its low prices on everything from clothing to technology allow customers to "shop like a billionaire," some of those customers say the promise is a ploy to allow the app itself to shop — for users' private data.

Class action lawsuits allege "malicious" data-collection scheme

In the most recent bout of controversy, a group of plaintiffs from multiple states filed a class action lawsuit against Temu and its parent company PDD Holdings Inc., claiming the app violates users' privacy rights by secretly collecting their data and doesn't give them an option to effectively consent.

The suit claims experts who reviewed the app found it is "purposefully and intentionally" loaded with "a complete arsenal of tools to exfiltrate virtually all the private data on a user's device and perform nearly any malign action upon command trigger from a remote server." This, it alleges, gives the company access to "literally everything on your phone."

"This is particularly concerning, given that biometric information such as facial characteristics, voiceprints, and fingerprints are immutable characteristics that can be misused by unscrupulous actors," the lawsuit states, also claiming this process gives Temu access to a user's private messages, phone settings and location services.

The experts involved in the case claim the "smoking gun evidence" they found, including alleged evidence that "great efforts were taken to intentionally hide" the software's intrusiveness, makes Temu "the most dangerous malware/spyware package currently in widespread circulation," particularly as it pertains to China.

SEE MORE: Shein hit with racketeering lawsuit for copying independent designers

Months prior, another class action lawsuit alleged Temu knowingly failed to secure customers' personal information and allowed hackers to steal users' data. This led to reports to the Better Business Bureau over Temu customers' credit card and bank information being sold or leaked after they used the app, the lawsuit states.

On its website, Temu says it cares "deeply about privacy." It also says it doesn't "sell" personal information in the traditional sense, and only provides it to certain entities to create a better and more personalized service for users.

The company also shared a statement with CBS, which first reported the news of the lawsuit, saying, "We categorically deny the allegations and intend to vigorously defend ourselves against these meritless lawsuits … Our privacy practices are in line with industry standards and are transparently disclosed in our privacy policy. Temu also has a 'permissions' section in the Temu app and website that clearly explains the device features that Temu does and does not access. We do not sell customer data to third parties."

Other controversies involving Temu

Other Chinese-owned apps have been subject to increased data-privacy concerns as of late, particularly with the rise of TikTok, because any company in China cannot legally refuse if the government demands access to their data.

The recent lawsuit points to the Pinduoduo online shopping app — which is also owned by PDD Holdings Inc. — as another example of this, claiming it was recently suspended from the Google Play Store over the presence of spyware.

But beyond its security and ownership, the business model of Temu itself has also faced other scrutiny regarding its products and how they're made in the first place.

A Congressional report published in June 2023 said there's an "extremely high risk" Temu's supply chains employ forced labor, violating the U.S. law that blocks imports from China's Xinjiang region unless there's proof the products were made without it. Temu said in the report that it doesn't conduct audits to examine whether its suppliers are in accordance with the anti-forced-labor law.

Are the prices too good to be true?

Since its 2022 launch, Temu's appeal has centered on its low or — even free, if you promote it — prices for every kind of product.

In a statement to TIME, a Temu spokesperson said it can offer the low prices because of its "deep network of merchants, logistic partners, and [Pinduoduo's] established ecosystem built over the years."

But instead of being known for the costs, it's the quality that seems to be taking hold of the business' reputation.

Temu has a 2.5-star Better Business Bureau rating, and most of the customer reviews claim some issue, like its "horrible" customer service, delivery errors, pricing tricks and low-quality items.

There are some high reviews, however, which mostly detail skeptics being pleasantly surprised upon receiving their orders.

Since Temu suppliers are mostly overseas, the prices are offset by an average 23-day shipping window, which could deter some users who are accustomed to the Amazon Prime two-day delivery schedule. 

Still, tens of millions of Americans are receiving Temu packages each year, so apparently, neither data privacy nor bad reviews can beat the appeal of a good deal.

Trending stories at