Temu logo

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer’s mobile app spies on users.

“Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually all data on a user’s cellphone.”

Temu quickly denied the allegations.

In speaking with the outlet Ars Technica, a Temu spokesperson said “the allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded.”

According to Baclinko statistics, Temu was the most downloaded shopping app worldwide in 2023, with 337.2 million downloads, 1.8x more than Amazon Shopping, and according to TechCrunch, Temu was the most downloaded free iPhone app in the US for 2023.

Temu is most popular today likely for its exceedingly low prices (a brief scan of its website shows a shoulder-sling backpack being sold for $2.97, and a broom-and-dust–pan combo for $12.47). How those low prices are achieved has been a mystery for some onlookers, but current theories include:

  • Temu relies on the de minimis exception to ship goods directly to U.S. customers for a low price. A shipment below the de minimis value of $800 isn’t inspected or taxed by US Customs.
  • The online webshop pressures manufacturers to lower their prices even further to appease discount-seeking customers, leaving those manufacturers with little to no profit in return.
  • Most items sold on Temu are unbranded and manufactured en masse by manufacturers in China. Almost every tech product on Temu is a knockoff or “dupe” of a real, brand-name product.

But according to reporting last year from Wired, Temu’s low prices are easy to decipher—Temu itself is losing millions of dollars to break into the US market.

“An analysis of the company’s supply chain costs by WIRED—confirmed by a company insider—shows that Temu is losing an average of $30 per order as it throws money at trying to break into the American market.”

Attorney General Griffin seems determined that Temu baits users with misleading promises of discounted, quality goods and adds addictive features like wheels of fortune to keep users engaged to the app.

He called Temu “functionally malware and spyware,” adding that the app was “purposefully designed to gain unrestricted access to a user’s phone operating system.”

The lawsuit claims that Temu’s app can sneakily access “a user’s camera, specific location, contacts, text messages, documents, and other applications.” Further, the lawsuit alleges that Temu is capable of recompiling itself, changing properties, and overriding the data privacy settings set by the user. If true, this would make it almost impossible to detect, even by “sophisticated” users, the lawsuit said.

Some may suspect that this is another attempt to ban an app hailing from a “foreign adversarial country” like TikTok, but Attorney General Griffin is very clear about his reasons.

“Temu is not an online marketplace like Amazon or Walmart. It is a data-theft business that sells goods online as a means to an end.”


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.