Google has suspended the Chinese shopping app Pinduoduo after discovering that versions of the app not in the Play Store have been found to contain malware and the current version is “not compliant with Google’s Policy”. With approximately 900 million users, Pinduoduo is one of China’s most popular e-commerce platforms.
“Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect,” Ed Fernandez, a Google spokesperson said.
Google Play Protect scans for malicious apps installed on Android phones and will recommend that users uninstall them. Play Protect currently prevents users from installing the Pinduoduo app.
Furthermore, a Pinduoduo spokesperson said in a statement to CNN, “We are communicating with Google for more information. We have been told that there are several other apps that have been suspended as well.”
In a later statement Pinduoduo said it strongly rejects “the speculation and accusation that Pinduoduo app is malicious just from a generic and non-conclusive response from Google.”
It reiterated that “there are several apps that have been suspended from Google Play at the same time.”
Google Play has yet to confirm other suspended apps and has asked users with off-store, which is another way of saying side loading, versions to uninstall it.
Ted Miracco, CEO, Approov had this to say:
“Mobile attestation is the process involved in verifying that the app was signed by a trusted party and has not been modified since it was signed. If mobile app developers use Google Play Integrity for the attestation process involved, they leave substantial end-users out of the process as both Huawei and Xiaomi smartphones typically do not have access to Google Play attestation capabilities and many Samsung devices support app attestation through their own Samsung Knox (a mobile security platform that provide security features, including app attestation).
“It is incumbent on developers to ensure that only genuine apps can access the APIs, otherwise they are opening up their users to the possibilities of malware or credentials being stolen from the app. Attestation across all mobile platforms is both necessary to protect APIs and to ensure the safety of the end users.”
I didn’t see a mention of the Apple versions of this app in the CNN story. I am guessing that because it’s much harder (but not impossible) to slip such code into apps on Apple’s App Store. And apps on that platform need to be signed. Plus side loading isn’t a thing on iOS. Some clarification on that would be handy. But if that’s the case, then as stated above, Google needs to move towards that sort of model as that will keep people safer.
Like this:
Like Loading...
Related
This entry was posted on March 21, 2023 at 11:59 am and is filed under Commentary with tags China, Google. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Google Blocks Chinese App Pinduoduo Over Security Concerns
Google has suspended the Chinese shopping app Pinduoduo after discovering that versions of the app not in the Play Store have been found to contain malware and the current version is “not compliant with Google’s Policy”. With approximately 900 million users, Pinduoduo is one of China’s most popular e-commerce platforms.
“Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect,” Ed Fernandez, a Google spokesperson said.
Google Play Protect scans for malicious apps installed on Android phones and will recommend that users uninstall them. Play Protect currently prevents users from installing the Pinduoduo app.
Furthermore, a Pinduoduo spokesperson said in a statement to CNN, “We are communicating with Google for more information. We have been told that there are several other apps that have been suspended as well.”
In a later statement Pinduoduo said it strongly rejects “the speculation and accusation that Pinduoduo app is malicious just from a generic and non-conclusive response from Google.”
It reiterated that “there are several apps that have been suspended from Google Play at the same time.”
Google Play has yet to confirm other suspended apps and has asked users with off-store, which is another way of saying side loading, versions to uninstall it.
Ted Miracco, CEO, Approov had this to say:
“Mobile attestation is the process involved in verifying that the app was signed by a trusted party and has not been modified since it was signed. If mobile app developers use Google Play Integrity for the attestation process involved, they leave substantial end-users out of the process as both Huawei and Xiaomi smartphones typically do not have access to Google Play attestation capabilities and many Samsung devices support app attestation through their own Samsung Knox (a mobile security platform that provide security features, including app attestation).
“It is incumbent on developers to ensure that only genuine apps can access the APIs, otherwise they are opening up their users to the possibilities of malware or credentials being stolen from the app. Attestation across all mobile platforms is both necessary to protect APIs and to ensure the safety of the end users.”
I didn’t see a mention of the Apple versions of this app in the CNN story. I am guessing that because it’s much harder (but not impossible) to slip such code into apps on Apple’s App Store. And apps on that platform need to be signed. Plus side loading isn’t a thing on iOS. Some clarification on that would be handy. But if that’s the case, then as stated above, Google needs to move towards that sort of model as that will keep people safer.
Share this:
Like this:
Related
This entry was posted on March 21, 2023 at 11:59 am and is filed under Commentary with tags China, Google. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.