Hacker News
by nirui 1184 days ago
It's odd to me that the Cyberspace Administration of China or other "related departments" are really quiet on this. Isn't this one of the very things that they should be keeping their watchful eyes on?

Adding to the funniness, there is a report posted by CNCERT just last month on their website showing their tests on Chinese online shopping apps[1], which include Pinduoduo. If you see their investigations and numbers, you'd probably think Pinduoduo is fine (really, take a look at the report), LOL. (Note: in case you're wondering, corruption on a small routine report like this is very unlikely, but CNCERT probably did not look very deep into the rabbit hole at all.)

[1] (It's obviously in Chinese): https://www.cert.org.cn/publish/main/8/2023/2023020210325795..., https://www.cert.org.cn/publish/main/upload/File/shoppingapp...

In the end, you still need independent experts such as Liu Huafang to alert the country through public exposures, just like, you know, what happened a few years ago.

2 comments

> If you see their investigations and numbers, you'd probably think Pinduoduo is fine (really, take a look at the report)

That's... not the impression I got? Pinduoduo is called out as the app that uses the most Android permissions (all four tested); while many apps are found to access the clipboard, only Pinduoduo and Taobao upload the content, and unlike Taobao, Pinduoduo doesn't just do this during a product search but also when not using the app. It's not as bad as other apps on some aspects (Suning Yigou requesting location 1199 times in the background, really?) but doesn't exactly look fine either.

My guess is that CNCERT collected this information with a test harness that logged access to standard Android APIs and wasn't designed to detect exploits; they'll need to up their game next time.

How can it access the clipboard?
This StackOverflow question https://stackoverflow.com/questions/59903001/how-to-access-c... suggests that it was possible to read the clipboard in the background in Android versions before Q (10). Although it doesn't explicitly say how, maybe the example code given is how you'd do it.
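As an added illustration of the API the comment above is pointing at (this is example code written for this page, not code from the thread, from the StackOverflow answer, or from any of the apps discussed): the call an app makes to read the system clipboard, and the point at which Android 10 cut it off. Before Android 10 a background service could register a clip-changed listener and read every new clip; from Android 10 on, `getPrimaryClip()` returns null (and `hasPrimaryClip()` false) unless the calling app currently has input focus or is the default input method editor. The class name `ClipboardProbeService` and the log tag are assumptions chosen for the example.

```java
// Added example, not from the Hacker News thread or the StackOverflow answer.
// Shows how an Android app reads the clipboard and why the same call returns
// nothing from the background on Android 10+.
import android.app.Service;
import android.content.ClipData;
import android.content.ClipboardManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.os.IBinder;
import android.util.Log;

public class ClipboardProbeService extends Service {  // hypothetical service name
    private static final String TAG = "ClipboardProbe";  // assumed log tag
    private ClipboardManager clipboard;

    // Fires on every clipboard change while this process is alive. Before
    // Android 10 a background service could register this and read the new
    // content immediately. On Android 10+ the callback still fires, but the
    // read below yields null unless this app has focus or is the default IME.
    private final ClipboardManager.OnPrimaryClipChangedListener listener =
            () -> Log.d(TAG, "clip changed: " + readClipboardText());

    @Override
    public void onCreate() {
        super.onCreate();
        clipboard = (ClipboardManager) getSystemService(Context.CLIPBOARD_SERVICE);
        clipboard.addPrimaryClipChangedListener(listener);
    }

    /** Returns the current clipboard text, or null if nothing readable is available. */
    String readClipboardText() {
        // Both calls are gated by focus / default-IME status on Android 10+.
        if (!clipboard.hasPrimaryClip()) return null;
        ClipData clip = clipboard.getPrimaryClip();
        if (clip == null || clip.getItemCount() == 0) return null;
        // coerceToText() also resolves URI / Intent items to a text form.
        CharSequence text = clip.getItemAt(0).coerceToText(this);
        return text == null ? null : text.toString();
    }

    @Override
    public int onStartCommand(Intent intent, int flags, int startId) {
        String text = readClipboardText();
        if (text == null && Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            Log.d(TAG, "no clip: background clipboard access is blocked on Android 10+");
        } else {
            Log.d(TAG, "clip: " + text);
        }
        return START_STICKY;
    }

    @Override
    public IBinder onBind(Intent intent) { return null; }

    @Override
    public void onDestroy() {
        clipboard.removePrimaryClipChangedListener(listener);
        super.onDestroy();
    }
}
```

Two practical notes. First, the Android 10 restriction is enforced by the system, not by permission: no manifest entry grants background clipboard access, which is why the pre-10 behaviour needed no permission at all and why a permission-logging harness like the one guessed at above would never flag it. Second, from Android 12 the system shows a toast whenever an app reads a clip placed by a different app, so the foreground read path in this example is at least visible to the user on current devices.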
I'm pretty sure CAC does not care, as long as they receive a copy of the exploit code.