Illustration picture of Chinese e-commerce platform Pinduoduo Inc
Reuters

KEY POINTS

  • Google said several apps made by Chinese e-commerce giant Pinduoduo contained malware designed to track users
  • It suspended Pinduoduo's official app on Google Play
  • Google has set Google Play Protect to block users from downloading the apps

Google has raised the alarm about multiple Chinese apps containing malware.

Google flagged several apps created by the Chinese e-commerce giant Pinduoduo as malware designed to monitor their users, tech news outlet TechCrunch reported.

It has since suspended Pinduoduo's official app from Google Play, which is not available in China, "for security concerns" while investigating the matter, Google spokesperson Ed Fernandez said.

However, anonymous security researchers who spoke to TechCrunch warned that the malicious apps were also present in the custom app stores of smartphone manufacturers Samsung, Huawei, Oppo and Xiaomi.

The spokesperson said that the "off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect," referring to apps that are not on Google Play.

Google's Android security mechanism Google Play Protect scans all of the apps on Android phones and works to prevent the installation of malicious apps.

A test conducted by TechCrunch confirmed that Google has already begun blocking any attempts to download the malware-infested Chinese apps, with a notification box warning users that the apps try to "bypass Android's security protections."

Google's actions came after Chinese cybersecurity researchers alleged that Pinduoduo, which boasts almost 800 million active users. has been making Android apps with malware that tracks users' online behavior.

Pinduoduo is the latest Chinese app to face scrutiny amid growing data harvesting and surveillance fears.

Last month, Microsoft revealed that an old version of the mobile app of Chinese online fast fashion retailer Shein had been found accessing Android users' clipboard content.

Microsoft said it caught Shein's mobile app sending harvested clipboard content to an unknown server.

The tech giant warned that malicious actors could use the clipboard content to gather useful data, including passwords or payment information.

Another Chinese-made app, TikTok, is also under immense pressure over allegations of surveillance.

In February, the Biden administration's Office of Management and Budget ordered federal government workers to remove TikTok from official devices.

A proposed Senate bill that aims to give the Department of Commerce drastic powers to ban TikTok and other foreign-based technologies that could threaten national security has also gained support from the White House.

Last week, ByteDance, the Chinese company that owns TikTok and its Chinese counterpart Douyin, said that the Committee on Foreign Investment in the United States (CFIUS) demanded that it sell its shares in TikTok or face a possible U.S. ban.

The growing government pressure led TikTok's parent company to make its last-ditch effort to save its 100 million-user market in the U.S.

ByteDance introduced Project Texas, a $1.5 billion initiative to review TikTok's content moderation policies and safeguard American users' data from the Chinese government.

TikTok CEO Shou Zi Chew is expected to face the House Committee on Energy and Commerce this week to convince the lawmakers that the embattled video-sharing app is not in any way connected to the Chinese Communist Party.

Android malware
UNSPLASH