Advertisement

House Intel Republicans request FBI, SEC briefing on Temu

The members cited concerning news reports, including the exploitation of a zero-day vulnerability by parent company Pinduoduo in 2023.
Chairman Michael Turner (R-OH) speaks at a hearing with the House (Select) Intelligence Committee in the Cannon Office Building on March 12, 2024 in Washington, DC. (Photo by Anna Moneymaker/Getty Images)

Congressional Republicans on the House Permanent Select Committee on Intelligence are requesting a briefing from the FBI and Securities Exchange Commission on e-commerce app Temu and its parent company, Pinduoduo, saying both pose a potential threat to national security and the personal data of Americans.

In a letter sent Tuesday to FBI Director Christopher Wray and SEC Chair Gary Gensler, Chair Michael Turner, R-Ohio, and 13 other Republicans on the committee said they were concerned about numerous news reports over the past year that have detailed concerning business practices of Temu and Pinduoduo, which is incorporated in the Cayman Islands and headquartered in Shanghai, China.

Among those concerns was Pinduoduo’s suspension from the Google Play Store last year, after researchers discovered that its Android app contained a zero-day vulnerability that was capable of elevating administrative privileges, stealing personal data from, and installing malicious software on user devices.

“Due to the above cited incidents and many others, we are concerned about the protection of Americans’ data,” the lawmakers wrote. “Analogous to Congress’ action on TikTok, the relationship between the Chinese Communist Party, Chinese national security laws, and Americans’ data must be understood.”

Advertisement

The concerns come as Pinduoduo executives have reported surging profits over the past year, in part due to the rising popularity of Temu with American consumers. According to Statista, the app has averaged more than 50 million global downloads a month since May, numbers that outpace numbers for American e-commerce giant Amazon.

Global monthly downloads for Temu from September 2022-August 2024. (Source: Statista)


Many American-based applications and platforms have also been accused of conducting widespread surveillance on their users, but cybersecurity experts have said Pinduoduo’s app goes beyond normal business practices.

Additionally, U.S. officials have long maintained that Chinese national security and cybersecurity laws may require domestic companies to hand over personal user data in response to requests from the Chinese government.

Advertisement

Pinduoduo has readily acknowledged the risk of company data being handed over to Chinese authorities in regulatory filings. In its latest annual report to the SEC, the company highlights data security laws in China as a potential business risk, noting that one of its “challenges” around data security was “complying with applicable laws and regulations relating to the collection, use, storage, transfer, disclosure and security of personal data, including any requests from regulatory and government authorities relating to this data.”

Earlier filings by the company from 2018 flatly state “we may be required by Chinese governmental authorities to share personal information and data that we collect to comply with PRC laws relating to cybersecurity.”

But Pinduoduo has also denied wrongdoing and pushed back on claims that its code contains malware, saying in its 2024 annual report that the company has faced increased business risks because “competitors” were using the 2023 Google Play Store incident to unfairly smear the company.

“Competitors or third parties with ulterior motives could launch aggressive marketing and publicity strategies against us and place the media coverage about this incident among other innocuous or unrelated matters,” the company wrote. “We are working with stakeholders to refute the allegations while using this opportunity to review our practices.”

CyberScoop has reached out to Pinduoduo and Temu for comment.

Advertisement

In addition to requesting a briefing, House Republicans posed a number of questions to Wray and Gensler around the extent of information and intelligence sharing between the FBI and SEC on matters related to Temu and Pinduoduo.

Derek B. Johnson

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Latest Podcasts