PSA: Android customers with apps from Pinduoduo ought to strongly contemplate uninstalling them, particularly in the event that they obtained these apps from exterior the Google Play retailer. Recent reviews point out the corporate’s apps include malicious code that creates backdoors and downloads further software program with out the consumer’s consent.
Google just lately suspended e-commerce big Pinduoduo’s official Play retailer app and warned customers that a number of of the corporate’s different apps include malware. Pinduoduo’s fundamental Google Play retailer app (and the Apple App Store’s, for that matter) is probably going innocent, however Google mentioned variations from different distribution channels are harmful.
Third-party reviews say Pinduoduo’s apps attempt to set up widgets on affected units, stop customers from uninstalling apps, observe put in app utilization stats, entry WiFi data, and pull location information. From now on, making an attempt to put in these apps will set off Google Play Protect—Google’s anti-malware suite for Android. Security researchers reported that Pinduoduo exploited Android vulnerability CVE-2023-20963, which Google patched earlier this month. The malware may be an effort to inflate the corporate’s consumer numbers artificially.
Google detected the malware on the Samsung, Huawei, Oppo, and Xiaomi app shops. Although customers in western international locations can depend on safety from Google’s evaluate course of, the Play retailer is not accessible in Pinduoduo’s native China. The firm vehemently denied accusations from Google and safety researchers, mentioning different apps suspended from Google Play across the identical time.
Because Pinduoduo is a Chinese firm with round 800 million customers, it is simple to see its suspension by American big Google as anti-China fearmongering, particularly in mild of Congress’ menace to ban TikTok. However, the earliest reviews accusing Pinduoduo of spreading malware got here from Chinese safety researchers. A later evaluation from cybersecurity firm Lookout seems to validate the preliminary findings.
Earlier this month, Google’s safety staff warned customers about 18 zero-day exploits in widespread Android units, together with the corporate’s Pixel 6 and seven telephones. Google is working to harden its platform by baking safety into the Android firmware.
This safety state of affairs is without doubt one of the issues probably arising from Android’s extreme degree of fragmentation, which may very well be inflicting loads of different points for software program builders and {hardware} producers supporting the platform.
