Shop Smart, Stay Secure: Cybersecurity Tips for E-shopping

Are you tempted by Temu’s promotional emails with their “90% off – No Joke” headlines? Their low prices and spectacular range of fast fashion – and everything else – can be irresistible. It’s hard to fathom how the company can profit from such steep discounts.

Is Temu legitimate? What’s the catch? A closer look at their business model provides some clarity – and a nasty shock.

According to their 2022 financial report, 60% of their income is from selling their unsuspecting clients’ data. Their data collection practices are so blatantly intrusive that a US cybersecurity company has filed a lawsuit to have Temu’s mobile app banned as malware.

Environmental activists oppose the rampant consumerism accompanying the rise of cheap online shops for fast fashion and gadgets. Research shows that they take a heavy toll on the environment. But what other damage are they causing, and is it safe to shop with Temu?

Temu’s Nasty Surprise: A Hidden Cost

On Temu, everything is cheap, so people buy more than they need. The goods are of low quality, so they end up in mountainous trash heaps quickly. The manufacturers pay low wages to staff and use excessive packaging, water, and other resources. Everything gets shipped or flown vast distances across continents. The transport pushes Temu’s carbon emissions sky-high.

But there’s another cost hidden under the surface of the cheap, glitzy, wear-once fashion items and gadgets. We won’t know the full price until the proverbial debt collector walks in through our front doors.

Temu’s Business Model Explains Their Low, Low Prices

We’ve become used to sidestepping all the targeted advertising that accompanies online shopping. It’s public knowledge that shopping platforms extensively use cookies, scripts, and other trackers to find out what their clients like.

However, Temu’s financial reports reveal that they are gathering almost unimaginable quantities of data from their users. They don’t make a profit on their merchandise. Their chief income is from the data they gather from their clients.

That raises a big question. If a company relies so heavily on selling users’ data, is there any shady data collection practice they will not stoop to?

The Temu App’s Outrageous Permission Requests

All shopping apps collect your name, phone number, email, home address, some information about your device, and IP address. After all, if you order something, they have to know where to deliver it.

But the Temu app can also make screenshots, exfiltrate data, install new apps without your knowledge, change your phone’s data privacy settings, and even recompile itself to change into a new, different app. It collects biometric information (e.g., fingerprints), GPS location, social media accounts, chats, texts, contacts, photo albums, calendars, browsing data, documents, and how and when you use the other apps on your device.

It’s noteworthy that Google suspended Temu’s sister company, Pinduoduo’s app, from its Play store earlier this year due to the presence of malware. The Pinduoduo app grabbed 83 permissions from app users, including Bluetooth and Wi-Fi network information and biometric information.

After the suspension, PDD Holdings redeployed Penduoduo’s app developers to Temu to develop and maintain the Temu app.

Temu is less aggressive than Pinduoduo, with ‘only’ 24 permissions, but also grabs access to Bluetooth and Wi-Fi network information. That could potentially give hackers the means to infiltrate and infect a user’s network.

Hackers could quickly own the company’s network if the user connects via a company Wi-Fi. They could steal trade secrets, financial information, or HR records or infect the network with ransomware.

Why should any shopping app have this much control?

The China Data Risk Controversy

Chinese-owned apps are, in the first place, subject to Chinese law. China’s cybersecurity law demands that all Chinese companies operating in other countries must give the Chinese government unobstructed access to their client’s data.

For this reason, the U.S.-China Economic and Security Review Commission regards Temu and Shein as significant risks. Allowing China to extract, save, sell, and manipulate US citizens’ sensitive data challenges US regulations, laws, and market principles.

The US has accused Temu of risky data practices. There is a risk that the Temu app could undergo a metamorphosis after an update. It could potentially become a backdoor into US networks in future state-sponsored cyberattacks.

Apart from that, it’s not an outrageous assumption that state-sponsored hackers could use the data they’ve extracted from US phones for blackmail. They could use compromising photos or sensitive information against people in positions of trust in the US economy or government. And this may concern other countries as well.

How to Protect Yourself from Cyber Risks on Temu

The safest would be to uninstall the app from your phone. Only visit the site using a computer protected by a VPN and an antivirus. If you want to continue using the app, these steps might reduce data harvesting:

• Install a VPN: A VPN creates a private “tunnel” for the communication that passes between your device and the internet. It ensures your data gets sent only to the website you intend to share it with. Additionally, the VPN encrypts the data before sending it. Encryption turns the data into a meaningless mishmash during transit. The encrypted data is meaningless even if hackers intercept your login or credit card details.
• Install antivirus software: Its purpose is to spot malicious apps. However, the Temu app already has root access, so this may, in certain cases, be of limited value.
• Protect sensitive information: Don’t upload sensitive photos, bills, and documents with sensitive information to your phone storage.
• Shop online more sustainably: Disposable items from low-budget e-shops affect the environment. Look for other options with a more sustainable business model.

Lack of Sustainability or Cyber Dangers: Which is Worse?

The incredibly low prices and trendy items on e-commerce platforms like Temu are tempting, but the fast fashion and gadgets they sell harm the environment. However, Temu’s data harvesting practices may pose an even bigger risk in the short term.

The US has made some progress in establishing data privacy laws, even if privacy protection is not yet at the same level as Europe’s GDPR. However, Temu’s blatant exploitation of user data, invasive permission requests, and controversial business practices raise serious concerns about privacy, security, and our ability to shop smart and stay secure online.