PSAs: Android customers who use Pinduoduo apps ought to strongly contemplate uninstalling them, particularly in the event that they obtained them from exterior of the Google Play Store. Recent stories recommend that the corporate’s apps comprise malicious code that may create backdoors and obtain extra software program with out customers’ consent.
Google not too long ago suspended e-commerce big Pinduoduo’s official Play Store app and warned customers that a number of different apps from the corporate contained malware. Pinduoduo’s principal Google Play Store app (in addition to one from the Apple App Store) could also be innocent, however Google says variations from different distribution channels are harmful.
Third-party stories say that Pinduoduo’s app makes an attempt to put in widgets on affected gadgets, forestall customers from uninstalling apps, observe utilization statistics for put in apps, entry WiFi info, and extract location information. From now on, making an attempt to put in these apps will set off Google Play Protect, Google’s antimalware suite for Android. Security researchers report that Pinduoduo exploited the Android vulnerability CVE-2023-20963, which Google patched earlier this month. The malware might have been designed to artificially inflate the corporate’s consumer numbers.
Google detected the malware within the app shops of Samsung, Huawei, Oppo and Xiaomi. While customers in Western nations can depend on the safety of Google’s censorship course of, the Play Store just isn’t accessible in Pinduoduo’s native China. The firm strongly denies the allegations from Google and safety researchers, noting that different apps had been suspended from Google Play across the identical time.
Since Pinduoduo is a Chinese firm with some 800 million customers, it is simple to see its suspension by US big Google as anti-China intimidation, particularly given Congress’ threats to ban TikTok. However, the primary stories accusing Pinduoduo of spreading malware got here from safety researchers in China. Later evaluation by cybersecurity agency Lookout appeared to substantiate the preliminary findings.
Earlier this month, Google’s safety workforce warned customers about 18 zero-day vulnerabilities in well-liked Android gadgets, together with the corporate’s Pixel 6 and seven telephones. Google is working to harden its platform by constructing safety into the Android firmware.
This safety state of affairs is among the issues that may come up from Android’s extreme fragmentation, which may create a number of different issues for the software program builders and {hardware} producers that assist the platform.
