A shopping app that didn鈥檛 exist four months ago might be changing the game of e-commerce, however, experts say it鈥檚 also raising concerns about data privacy risks for Canadians.
Garnering conflicting reactions from customers throughout Canada and the U.S., Temu has been making waves on social media platforms over the last two months. The one-stop-shopping service recently became one of North America鈥檚 most downloaded free apps on both the App Store and Google Play, thanks in part to its reputation of offering steep discounts on a vast assortment of products, along with opportunities for credit incentives through encouraging sign-up offers.
However, one cybersecurity expert warns that Temu, like any e-commerce app that doesn鈥檛 fall under Canadian data protection laws, could present a risk that more shoppers should evaluate.
鈥淲ithin the last year or so there has been increasing concern about spying from foreign states,鈥 Fred Nerenberg, a senior cybersecurity consultant at a Canadian security firm, told CTVNews.ca over the phone. 鈥淏ut when it comes to people鈥檚 data, you are forfeiting your personal information and your browsing habits and your interests to a company that may or may not have ties to foreign governments where that data would be subject to ownership by those foreign states,鈥 he explained.
Temu鈥檚 parent company, PDD Holdings, is publicly traded on the New York Stock Exchange. The company has subsidiaries primarily registered in China鈥攎eaning it could be subjected to regulation by Chinese authorities. This is according to a by the U.S.-China Economics and Security Revision Commission (USCC), which warned that the company鈥檚 Chinese ownership raises concerns about cybersecurity, data privacy, and national security concerns.
But how could online shopping present such a digital threat?
鈥淵ou鈥檙e essentially at the mercy of what those companies are doing with your data,鈥 Nerenberg explained, referring to the wide net of data-collection these e-commerce services cast. 鈥淚 think what they choose to do with it is sort of up in the air. It鈥檚 under a different jurisdiction.鈥
Nerenberg said 鈥渜uite a bit of information about your clientele鈥 can be inferred based solely on browsing habits.
Apps like Temu, he said, can collect metadata that reveals how long customers have looked at certain products and how many times they revisited certain pages. This can be used to build data profiles that allow companies to precisely target people with ads that feature products they will be more inclined to purchase.
Nerenberg says the threat could apply to all e-commerce services with international distribution.
, Target once figured out one of its teenaged customers was pregnant before her father did, based on her online browsing data.
鈥淭hese companies could theoretically build those same profiles. So it鈥檚 no different than the companies here, but how is that information being used by foreign states?鈥
Temu is an off-shoot of Pinduoduo, a Chinese e-commerce giant. , Pinduoduo was found to be capable of bypassing users鈥 mobile security software to monitor activities on other apps鈥攊ncluding checking notifications and reading private messages. According to a CNN investigation involving cybersecurity researchers in Asia, Europe and the U.S., malware on the Pinduoduo app exploited security vulnerabilities in Android operating systems in order to gain access to data not normally accessible by apps.
Nerenberg cautions against pursuing flashy online discounts while ignoring privacy concerns.
鈥淛ust because you鈥檙e being offered a cheaper product doesn鈥檛 necessarily mean that you are getting the better end of the deal,鈥 he said.
鈥淜eep in mind where you are forfeiting your data to. How is that data going to be used, and if it鈥檚 against your risk profile, then why are you using it anyway?
CTVNews.ca has reached out to Temu for comment and is still awaiting a response.
