PSA: Android customers with apps from Pinduoduo ought to strongly take into account uninstalling them, particularly in the event that they bought these apps from outdoors the Google Play retailer. Current experiences point out the corporate’s apps include malicious code that creates backdoors and downloads extra software program with out the person’s consent.
Google lately suspended e-commerce big Pinduoduo’s official Play retailer app and warned customers that a number of of the corporate’s different apps include malware. Pinduoduo’s important Google Play retailer app (and the Apple App Retailer’s, for that matter) is probably going innocent, however Google mentioned variations from different distribution channels are harmful.
Third-party experiences say Pinduoduo’s apps attempt to set up widgets on affected units, stop customers from uninstalling apps, observe put in app utilization stats, entry WiFi data, and pull location information. Any further, making an attempt to put in these apps will set off Google Play Defend—Google’s anti-malware suite for Android. Safety researchers reported that Pinduoduo exploited Android vulnerability CVE-2023-20963, which Google patched earlier this month. The malware could be an effort to inflate the corporate’s person numbers artificially.
Google detected the malware on the Samsung, Huawei, Oppo, and Xiaomi app shops. Though customers in western international locations can depend on safety from Google’s overview course of, the Play retailer is not out there in Pinduoduo’s native China. The corporate vehemently denied accusations from Google and safety researchers, stating different apps suspended from Google Play across the similar time.
As a result of Pinduoduo is a Chinese language firm with round 800 million customers, it is simple to see its suspension by American big Google as anti-China fearmongering, particularly in mild of Congress’ menace to ban TikTok. Nonetheless, the earliest experiences accusing Pinduoduo of spreading malware got here from Chinese language safety researchers. A later evaluation from cybersecurity firm Lookout seems to validate the preliminary findings.
Earlier this month, Google’s safety crew warned customers about 18 zero-day exploits in standard Android units, together with the corporate’s Pixel 6 and seven telephones. Google is working to harden its platform by baking safety into the Android firmware.
This safety scenario is among the issues presumably arising from Android’s extreme degree of fragmentation, which might be inflicting loads of different points for software program builders and {hardware} producers supporting the platform.