In recent weeks, the Chinese application Temu has come under inspection, fueling the debate on the intrusive nature of certain applications and the risk of sensitive data exfiltration.
With over 100 million downloads in the last 9 months in Europe and the United States, this ultra-competitive e-commerce application is challenging AliExpress and Shein and highlights the rapid adoption of mobile applications.
The report published by the American company Grizzly Research last September raises concerns by suspecting Temu of massive data exfiltration, resembling espionage. The research firm invokes the precautionary principle and calls for the removal of the application, which could potentially harm the interests of the United States.
Yet another intrusive application...
Temu now joins the league of intrusive applications.
For instance, back in March, the French government prohibited the use of so-called 'recreational' applications like TikTok and several others, on the mobile devices of 2.5 million state agents.
Some applications are sometimes banned from app stores once they make headlines (as was the case with these applications : (New malware detected on Google Play, 100.000+ users affected & Two spyware tied with China found hiding on the Google Play Store) or blacklisted by companies that have deployed Enterprise Mobility Management (EMM) solutions.
This highlights the limitations of post facto protection strategies.
Data privacy compliance is necessary but is it sufficient?
While we may question Temu's compliance with regulations concerning personal data protection, it's important to keep in mind that the GDPR law only mandates transparency and user consent for processing their personal data.
Therefore, can these laws be considered sufficient to protect data, especially on a company scale?
Mobile devices are undeniably part of standard professional use. However, the impact of personal activities, even if allowed by the company, remains a point to be controlled.
Mobile Threat Detection and Response
While Android and iOS operating systems are developed with mobile security in mind, the existence of Temu, TikTok, and other leakware demonstrate that standard protections in mobile operating systems are not sufficient to safeguard user data. This underscores the need to add an extra layer of security to all mobile devices.
The simplicity and virality of mobile usage require real-time detection and response. Mobile devices introduce a new category of cybersecurity threats, ranging from targeted espionage to mass data exfiltration, which can only be effectively countered with precise detection and automated response.