An American think tank has issued a warning about significant risks associated with the Chinese cross-border e-commerce platform Temu, suggesting that the threat it poses could be on par with that of TikTok. Experts caution that Temu may be a disguised spyware and cyber warfare tool operated by the Chinese Communist Party (CCP) under the guise of an e-commerce website.
Over the past few years, several American officials and experts have raised concerns about the CCP’s use of TikTok to spread misinformation and manipulate public opinion in the United States. In response to such worries, President Biden signed a law in April this year, mandating ByteDance, the Chinese-controlled company that owns TikTok, to divest TikTok within a specified period, or face a ban in the U.S.
However, some experts believe that while the law addresses the threat posed by TikTok, lawmakers need to develop more comprehensive policies to ensure that American citizens are not affected by malicious actions of the CCP.
On October 24th, the Washington-based think tank Center for Strategic and International Studies (CSIS) released a report, stating that “Temu is actually spyware disguised as an e-commerce site, designed to collect information.”
The report highlights that Temu promotes itself as a platform where consumers can “shop like millionaires,” offering fast fashion temptations while masking significant security risks. According to CSIS, Temu is encoded as a “digital parasite” designed to be extremely difficult to remove, turning users’ devices into hosts that feed on users’ data.
During installation, Temu requests more permissions than necessary, enabling it to “monitor all user activities, change settings, and be nearly impossible to remove.” CSIS warns that Temu has connections to departments within the CCP involved in data surveillance and propaganda, potentially turning it into a powerful secret surveillance tool and a potential node for Distributed Denial of Service (DDoS) attacks.
Temu was launched in the U.S. in 2022 and expanded to the European market the following year. Its business model involves bypassing intermediaries and physical stores by directly delivering products from factories to customers, offering lower-priced goods.
Privacy advocate and journalist Fergus O’Sullivan stated, “Temu isn’t like a regular shopping store; it’s more of a middleman facilitating trade between Western consumers and Chinese factories.”
With low-priced products and high-value marketing ads, Temu rapidly gained market share and experienced explosive growth. CSIS noted that during the 2024 Super Bowl, Temu spent up to $21 million on advertising and offered $15 million in giveaways, leading to a significant number of downloads among Americans.
To cope with its explosive growth, China recently announced the opening of new air cargo routes between Zhengzhou and Atlanta, Dallas, due to the rise of cross-border e-commerce platforms like Temu. In May of this year, Zhengzhou International Airport saw an 18.6% increase in cargo throughput due to platforms like Temu.
However, Temu has been facing multiple allegations, including the substantial use of U.S. customs’ de minimis exemption to avoid tariffs and inspections, selling goods involving forced labor to American society, and potentially becoming a smuggling channel for fentanyl and other prohibited substances.
In September, two leaders from the U.S. Consumer Product Safety Commission (CPSC) warned that Temu was selling “deadly infant products.”
In June, the state of Arkansas filed a lawsuit against Temu, accusing the Chinese-funded platform of violating state privacy laws, engaging in deceptive trade practices, and exploiting low-priced goods to “nearly unlimited” access to customers’ personal information without their knowledge.
The lawsuit claims that Temu entices users to unknowingly provide “nearly unlimited access to their personally identifiable information.”
“Once installed, Temu can recompile itself and change attributes, including overriding user-set privacy settings,” the lawsuit states.
CSIS cautioned that “more worrisome is that Temu, through its parent company, has business dealings with a company directly connected to the CCP Central Committee.”
According to research by the Australian Strategic Policy Institute (ASPI), Temu conducts business dealings with People’s Data through Pinduoduo, and People’s Data is directly involved in CCP-controlled media and data work.
CSIS stated, “Although it is currently unclear what data is shared between Temu or Pinduoduo and People’s Data, it is evident that this e-commerce platform has connections to the CCP Central Committee’s propaganda work.”
Grizzly Research, a market intelligence company, warned that it considers Temu to be the “most dangerous popular application.” The company pointed out that Temu possesses all the characteristics of the most aggressive malicious software/spyware.
Grizzly Research found that Temu has hidden features that can conduct extensive data penetration without users’ knowledge, potentially allowing malicious users to fully access almost all data on customers’ mobile devices.
“It is evident that the company has put significant effort into deliberately concealing the malicious intent and intrusiveness of this software,” Grizzly Research commented.
CSIS urged the federal government and Congress to take action against Temu to protect American data. They suggested that the Federal Trade Commission (FTC) investigate Temu for deceptive practices, including false advertising, fraud, and privacy violations.
“The Federal Trade Commission also has the authority to take legal action against companies that violate consumer protection laws,” CSIS noted.
CSIS also recommended that the next administration continue to enforce the executive order issued by President Biden in February this year. The order expanded measures to protect sensitive personal data of Americans, preventing data from flowing to foreign adversaries such as the CCP.
The think tank further urged that the next Congress should not enact laws targeting individual applications but should seek to expand legislation related to TikTok to restrict all applications owned, operated, or affiliated with the CCP, all of which pose significant threats to American data security.