Google has identified several apps developed by a Chinese e-commerce giant as malware, alerting users who had them installed, and has suspended the company’s official app.
Over the past few weeks, multiple Chinese security researchers have accused Pinduoduo, a rapidly growing e-commerce giant with nearly 800 million active users, of creating Android apps that contain malware designed to monitor users.
Ed Fernandez, a Google spokesperson, stated that “off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect,” referring to apps not available on Google Play.
As a result, Google has activated Google Play Protect, its Android security mechanism, to block users from installing these malicious apps and to warn those who have them installed, prompting them to uninstall the apps.
Fernandez added that Google has suspended Pinduoduo’s official app on the Play Store “for security concerns while we continue our investigation.”
A security researcher, who requested anonymity, drew attention to the claims against the apps and said their analysis also found that the apps were using several zero-day exploits to hack users.
Pinduoduo’s spokesperson Kong Ho said in an email that “we strongly reject the speculation and accusation by some anonymous researcher and non-conclusive response from Google that Pinduoduo app is malicious.
There are several apps that have been suspended from Google Play at the same time and we find it peculiar that it chose to single out Pinduoduo.”
As a test, we installed one of the suspected apps, which prompted an alert that the app could be malicious.
It’s important to note that Google Play is not available in China, and according to the security researcher, the apps were present on the custom app stores of Samsung, Huawei, Oppo, and Xiaomi.