On September 7, 2023, we at Grizzly Research published the results of our investigation into what we believe are serious and highly strategic wrongdoings by the NASDAQ-listed PDD Holdings Inc. (“PDD”), in particular its apparent use of the TEMU shopping app as a highly sophisticated, possibly illegal, spyware and data-mining tool. Please find our detailed report here: LINK
You must read the report carefully to understand the background and findings!
In this GitHub repository we provide further technical details and files supporting the report.
We invite all interested collaborators to join this investigation into TEMU’s potentially malicious app code. To request write access to this repository, please direct-message us on Twitter: @ResearchGrizzly
--
Software to replicate our findings
To read/decompile the apps’ Java code we used JADX, which can be downloaded here: https://sourceforge.net/projects/jadx.mirror/
To replicate our analysis of changes in files and folder structures with the apps’ updates, you can use a tool like Beyond Compare: https://www.scootersoftware.com/
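A scriptable alternative for the file and folder comparison, as an added example (not part of the original repository or the tooling we describe above): an APK is a ZIP archive, so two versions can be compared by entry name and CRC32. The function names and the in-memory sample archives are constructed for illustration; pass two real APK paths on the command line to compare them.

```python
import io
import sys
import zipfile
from collections import Counter

def apk_index(apk):
    """Map each archive entry name to (CRC32, uncompressed size)."""
    with zipfile.ZipFile(apk) as zf:
        return {i.filename: (i.CRC, i.file_size)
                for i in zf.infolist() if not i.is_dir()}

def diff_apks(old_apk, new_apk):
    """Return (added, removed, changed) entry names between two APK versions."""
    old, new = apk_index(old_apk), apk_index(new_apk)
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    # CRC32 is a quick change indicator, not a cryptographic hash.
    changed = sorted(n for n in old.keys() & new.keys() if old[n] != new[n])
    return added, removed, changed

def by_folder(names):
    """Count entries per top-level folder to see where an update concentrates."""
    return Counter(n.split("/", 1)[0] if "/" in n else "." for n in names)

def _constructed_apk(files):
    """Build a tiny in-memory ZIP standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

def demo():
    """Compare two constructed archives that mimic an app update."""
    old = _constructed_apk({"classes.dex": b"v1", "lib/arm64-v8a/libA.so": b"a",
                            "assets/cfg.json": b"{}"})
    new = _constructed_apk({"classes.dex": b"v2", "lib/arm64-v8a/libA.so": b"a",
                            "lib/arm64-v8a/libB.so": b"b"})
    return diff_apks(old, new)

if __name__ == "__main__":
    result = diff_apks(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for label, names in zip(("added", "removed", "changed"), result):
        print(label, len(names), dict(by_folder(names)))
        for n in names:
            print("  ", n)
```

Entries reported as changed (for example classes.dex or a native library) are the ones worth opening in JADX or a binary diff tool next.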
--
APK versions we investigated
We added the APK files we used to this repository (some files are compressed / split and can be decompressed / unsplit using https://7-zip.org/).
Our main analysis was done on TEMU 1.80.4: com.einnovation.temu_18004- 40676142c53a610baebdd1c599be3db5.apk
We continuously checked if PDD made substantial changes to the potentially malicious parts of the code during our investigation. They did not. The latest version we checked was TEMU 1.99.1: apk_com.einnovation.temu-1.99.1.apk
Our comparison to other mainstream shopping apps was done against the following version files:
Amazon: Amazon Shopping_26.13.6.100_Apkpure.apk
Alibaba: alibaba-com-8-21-1.apk
Ebay: eBay_ Fashion, Car Parts, Tech_6.118.0.1_Apkpure.apk
Shein: SHEIN__com-zzkko-763-65445393-3a7845767da145d08accad16cffd13a1.apk
TikTok: tiktok-30-4-15.apk
The comparison of TEMU against Pinduoduo during Google’s ban of the Pinduoduo app in the Play Store in March 2023 is based on the following version files:
Pinduoduo before the ban: pinduoduo_6.49.0_Apkpure.apk (version 6.49.0, 23-Feb-2023)
Pinduoduo after the ban: pinduoduo_6.53.0_Apkpure.apk (version 6.53.0, 29-Mar-2023)
TEMU before the ban: com.einnovation.temu_2023-03-17.apk (version 1.55.0, 17-Mar-2023)
TEMU after the ban: com.einnovation.temu_2023-04-06.apk (version 1.58.1, 6-Apr-2023)
--
Final comment
We consulted with many cyber security experts, some with very high credentials and expertise. However, we see our publication as a starting point from which further experts might be able to uncover more wrongdoings and details concerning PDD and its TEMU app.
Again, please reach out to us over Twitter if you want to contribute to this malware analysis here on GitHub: @ResearchGrizzly.
--
Sincerely, Grizzly Research