A shopping app that didnât exist four months ago might be changing the game of e-commerce, however, experts say itâs also raising concerns about data privacy risks for Canadians.
Garnering conflicting reactions from customers throughout Canada and the U.S., Temu has been making waves on social media platforms over the last two months. The one-stop-shopping service recently became one of North Americaâs most downloaded free apps on both the App Store and Google Play, thanks in part to its reputation of offering steep discounts on a vast assortment of products, along with opportunities for credit incentives through encouraging sign-up offers.
However, one cybersecurity expert warns that Temu, like any e-commerce app that doesnât fall under Canadian data protection laws, could present a risk that more shoppers should evaluate.
âWithin the last year or so there has been increasing concern about spying from foreign states,â Fred Nerenberg, a senior cybersecurity consultant at a Canadian security firm, told CTVNews.ca over the phone. âBut when it comes to peopleâs data, you are forfeiting your personal information and your browsing habits and your interests to a company that may or may not have ties to foreign governments where that data would be subject to ownership by those foreign states,â he explained.
Temuâs parent company, PDD Holdings, is publicly traded on the New York Stock Exchange. The company has subsidiaries primarily registered in Chinaâmeaning it could be subjected to regulation by Chinese authorities. This is according to a by the U.S.-China Economics and Security Revision Commission (USCC), which warned that the companyâs Chinese ownership raises concerns about cybersecurity, data privacy, and national security concerns.
But how could online shopping present such a digital threat?
âYouâre essentially at the mercy of what those companies are doing with your data,â Nerenberg explained, referring to the wide net of data-collection these e-commerce services cast. âI think what they choose to do with it is sort of up in the air. Itâs under a different jurisdiction.â
Nerenberg said âquite a bit of information about your clienteleâ can be inferred based solely on browsing habits.
Apps like Temu, he said, can collect metadata that reveals how long customers have looked at certain products and how many times they revisited certain pages. This can be used to build data profiles that allow companies to precisely target people with ads that feature products they will be more inclined to purchase.
Nerenberg says the threat could apply to all e-commerce services with international distribution.
, Target once figured out one of its teenaged customers was pregnant before her father did, based on her online browsing data.
âThese companies could theoretically build those same profiles. So itâs no different than the companies here, but how is that information being used by foreign states?â
Temu is an off-shoot of Pinduoduo, a Chinese e-commerce giant. , Pinduoduo was found to be capable of bypassing usersâ mobile security software to monitor activities on other appsâincluding checking notifications and reading private messages. According to a CNN investigation involving cybersecurity researchers in Asia, Europe and the U.S., malware on the Pinduoduo app exploited security vulnerabilities in Android operating systems in order to gain access to data not normally accessible by apps.
Nerenberg cautions against pursuing flashy online discounts while ignoring privacy concerns.
âJust because youâre being offered a cheaper product doesnât necessarily mean that you are getting the better end of the deal,â he said.
âKeep in mind where you are forfeiting your data to. How is that data going to be used, and if itâs against your risk profile, then why are you using it anyway?
CTVNews.ca has reached out to Temu for comment and is still awaiting a response.