Technology

69247 readers

3746 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

859

Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims (arstechnica.com)

submitted 10 months ago by neme@lemm.ee to c/technology@lemmy.world

238 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] kibiz0r@midwest.social 24 points 10 months ago* (last edited 9 months ago) (2 children)

Comments here: “Yeah right, I’ll believe it when they explain how.”

Article: literally has a section explaining how

Edit:

Replies: "Yeah, but that's just a summary. I'll believe it when they explain in full detail."

Article: literally has a link to the detailed explanation

[–] AProfessional@lemmy.world 14 points 10 months ago* (last edited 10 months ago) (1 children)

The claim is they completely bypass all Android and iOS security is pretty unbelievable.

If so then the real discussion is how these zero day exploits are just sitting around.

EDIT: It seems the focus is on Android but all the information is nonsensical, like AI generated buzzword bingo.

[–] aodhsishaj@lemmy.world 5 points 10 months ago (1 children)

I'm not seeing too many buzzwords here

https://grizzlyreports.com/we-believe-pdd-is-a-dying-fraudulent-company-and-its-shopping-app-temu-is-cleverly-hidden-spyware-that-poses-an-urgent-security-threat-to-u-s-national-interests/

[–] AProfessional@lemmy.world 5 points 10 months ago* (last edited 10 months ago)

That source looks better indeed.

Ars quotes nonsense like “bypasses the security” and “exploit the user”.

Those terms have meaning and they aren’t applicable here.

At the end though they do say things like

is able to hack your phone from the moment you install the app

Without any credible evidence.

[–] TORFdot0@lemmy.world 8 points 10 months ago (1 children)

It states that it’s somehow breaking the permissions sandbox by dynamically recompiling code after the app is opened. Unless there is some undisclosed exploit that it’s using to break the sandbox, it’s outside most people’s understanding of how these platforms work

[–] MoonRaven@feddit.nl 1 points 10 months ago (1 children)

It only explains how it would pass (automatic) reviews. Not how it would bypass the sandbox. So yeah, you're right, not enough info sadly.

[–] TORFdot0@lemmy.world 4 points 10 months ago

Someone else posted this report in this thread which does a good job of the deceptive practices and API calls the app uses to trick the user into giving permissions up willingly and otherwise collect data it shouldn’t.