Temu, a shopping app, is facing multiple state lawsuits drawing attention from consumers in the Bronx. Attorneys general in several states allege that Temu and its parent company, PDD Holdings, collected sensitive information from users’ devices. Court filings state the app can change its behavior after installation and access precise location data, a list of installed apps, and other device details. Cybersecurity experts note that if the allegations are accurate, users who downloaded the app may have had some device-level data exposed.
According to News 12 New York, attorneys general in four states have already filed lawsuits against Temu’s parent company. Scott Schober said that the app modifies its code after installation in a way that prevents detection. Temu stated to News 12 that it considers the complaints without merit and plans to ask the courts to dismiss the cases.
What the lawsuits allege
In Arizona, Attorney General Kris Mayes has filed a complaint alleging that the Temu app can infect users’ devices with malware and quietly gathers precise GPS location data, access to cameras and microphones, and lists of other apps installed on a phone, as per Arizona Attorney General’s Office. The filing also raises national-security concerns, pointing to Temu’s ultimate ownership by a Chinese company that, the complaint notes, may be required under Chinese law to turn over user data. National coverage of the Arizona case has reported that Mayes called the alleged conduct among the gravest violations of consumer-fraud law the office had seen.
Which states are suing
So far, Nebraska, Kentucky, Arkansas, and Arizona have all taken Temu to court, with complaints that broadly track each other: claims of hidden data collection, misleading listings, and counterfeit goods. The Nebraska Attorney General says Temu’s app recretly installs malware that can grant wide access to a user’s phone. Coverage in Bloomberg Law outlines Kentucky’s complaint and notes that the states are seeking injunctions to curb the conduct, restitution for consumers, and civil penalties.
How the app is accused of hiding itself
Court filings provide technical details about how the app allegedly maintains a low profile. Kentucky’s complaint describes a patching or unpacking system called Manwe, which reportedly allows the app to be updated or reconfigured directly on a device without going through an app-store review. The documents also note that portions of Temu’s mobile code resemble earlier versions of Pinduoduo’s app, which, according to the filings, could make forensic inspection and detection of the app’s activity more difficult.
Temu’s response and what shoppers should do
Temu has firmly denied the states’ allegations, saying its data practices are in line with those of other major e-commerce platforms and that it will fight the lawsuits in court, according to the statement cited by News 12 New York. While the legal battle ramps up, the Arizona Attorney General’s Office is telling residents to delete the app, shut down any Temu accounts, and run malware scans on their devices. Nebraska’s consumer guidance echoes that advice. Security experts also suggest double-checking app permissions, using retailers’ websites instead of apps when possible, and keeping your phone’s operating system and security tools fully updated.
Legal implications…