Temu Under Accuse: U.S. and EU Denounce Espionage, Fraud and Forced Labor in the Chinese Empire of Cheap
- Gabriele Iuvinale
- 13 ore fa
- Tempo di lettura: 14 min
Extrema Ratio has conducted an in-depth analysis of the documentation revealing the complex legal and geopolitical challenges surrounding the e-commerce platform Temu. The battle against this Chinese-owned entity is intensifying globally.
In the United States, a growing wave of legal actions began in 2024 with a lawsuit filed by Arkansas Attorney General Tim Griffin against Temu. This escalated with a powerful joint declaration: a letter in August 2024 signed by 21 Republican Attorneys General, which put Temu's business practices under scrutiny. The matter reached a new dramatic dimension with the complaint filed on June 11, 2025, by Nebraska Attorney General Mike Hilgers.
However, concerns are not limited to the United States. The European Union has also raised its alert level, designating Temu as a "Very Large Online Platform" (VLOP) starting May 17, 2024, under the Digital Services Act (DSA). This move imposes stringent obligations on Temu regarding transparency, content moderation, and the fight against the sale of illegal or unsafe products. Notably, in October 2024, the European Commission initiated formal proceedings to assess whether Temu may have violated the Digital Services Act in areas related to the sale of illegal products, addictive service design, systems used to recommend purchases to users, and data access for researchers.
Temu, launched in the United States in 2022, rapidly conquered the market, establishing itself as the most downloaded app in the US in 2023, with users spending almost twice as much time on its platform as on giants like Amazon. Yet, behind the promise of low-cost products, the accusations are serious: Nebraska Attorney General Mike Hilgers alleges a series of violations, including the secret and illicit collection of personal data through malware (even from minors), the dissemination of false claims about product quality and pricing, the facilitation of sales of goods produced with forced labor, and the toleration of widespread intellectual property infringements. These practices, it is argued, not only deceive consumers and harm American brands but, through illegal data collection, pose a direct threat to privacy and, potentially, the national security of the United States.
Nebraska's Allegations Against Temu
Nebraska's complaint paints an alarming picture of Temu's operational model in the United States. According to Attorney General Hilgers, Temu has flooded the American market with cheap products, but at a much higher cost in terms of privacy and fair competition.
Temu as Malware and Illicit Data Collection:
The primary allegation is that the Temu mobile application operates as malware; its code is designed to exfiltrate an enormous amount of sensitive information from user devices, including access to microphones, pictures, messages, and data sufficient to track their movements. This occurs without users' knowledge or consent, and the app's design aims to evade detection by security operators. The State of Nebraska's independent forensic investigation confirmed that the app was designed to collect sensitive user data and evade third-party security researchers. Apple had suspended the Temu app from the Apple App Store in mid-2023 for misrepresentations regarding descriptions of the types of data the app can access or collect from users, how it does so, and for what purposes it uses that data. Similarly, Google had suspended the Pinduoduo app (Temu's precursor) from its Google Play Store in March 2023 after it was found to contain malware.
Nebraska's complaint outlines specific examples of data collected:
Granular Geolocation (GPS): The app collects real-time GPS location with an accuracy of at least 10 feet. The ACCESS_FINE_LOCATION permission was historically removed from the app's manifest for a period in 2023, only to reappear after public reports, demonstrating an intent to hide this functionality. Regardless, Temu still acquired data to infer location even without these permissions.
Wi-Fi Access Points: Temu contains the ACCESS_WIFI_STATE permission, allowing it to collect the name and signal strength of Wi-Fi networks used by the individual's device, as well as all Wi-Fi networks detected nearby. Collecting this data over time allows for the creation of a detailed map of the user's movements.
Microphone and Camera Access: Two permissions Temu includes in its app are requests for CAMERA and RECORD_AUDIO, granting the app access to all audio and visual recording and storage functions of a user's device. These permissions are not adequately disclosed to users.
Intentional Android Exploitation: The Temu app's code contains the ActivityManager.getRunningTasks method. This method was deprecated by Android over a decade ago (since 2014) due to its ability to be exploited by developers seeking to acquire a user's personal information, largely by viewing their app usage patterns across their entire device. The inclusion of this method, given that Temu was founded only in 2022, suggests an intent to exploit users with older operating systems.
Lists of Installed Apps and User Accounts: Temu contains code allowing it to identify all applications installed on a user's device via the getPackageManager().getInstalledPackages method. This violates the "sandbox" principle established by Apple and Google, which prevents one app from gathering data about other apps on a user's device. Analysis revealed these queries could return app names, installation/update timestamps, versions, and unknown flags/IDs. Temu has also, at various times, had the GET_ACCOUNTS permission, allowing access to a centralized registry of online accounts.
Ties to China and the Chinese Communist Party
Concerns about data security are amplified by the fact that Temu is owned by PDD Holdings Inc., a Nasdaq-listed Chinese company that also operates the Chinese e-commerce giant Pinduoduo. PDD Holdings moved its "principal executive offices" to Dublin, Ireland, in February 2023, but maintains significant operations and subsidiaries in China.
The complaint emphasizes that Chinese law, including the National Security Law, Cybersecurity Law, and National Intelligence Law, mandates Chinese companies to cooperate with the government's intelligence apparatus, including by providing user data upon request. Attorney General Hilgers asserts that the data illicitly collected by Temu from Nebraska citizens is being sent to and used by the Chinese government. This dynamic is viewed as another way China can extract and exploit information about Americans for its own purposes. This concern was explicitly raised by the 21 Attorneys General in their letter, stating that "like other companies subject to CCP control, Montana believes that Temu is obligated to collect and send Montana consumer data to the CPP on demand." They further asked Temu and PDD Holdings to disclose whether the CCP or its affiliates have ever requested or received data on U.S. citizens, and in what quantities.
Deceptive Business Practices
Temu is accused of employing deceptive practices to maximize the number of users and, consequently, the amount of data it can exfiltrate. These practices include:
False Representations of Product Quality: Despite claims of "affordable quality products," goods received are often of low quality, contradicting images and descriptions. Many reviews and descriptions are allegedly copied directly from other sites like Amazon.
False Reference Pricing: Temu displays products with seemingly steep discounts, but the advertised "full price" is inflated or never real, making the "discounted" price merely the product's regular market price.
Unordered Charges and Deliveries: Numerous consumers have complained about receiving mysterious packages they did not order and being charged for these purchases or other unrequested items. These incidents frequently occur after consumers make comparatively small purchases, with much larger charges and deliveries then made using the same information provided during the legitimate checkout.
Use of Forced Labor: A serious accusation is that much of the merchandise sold on Temu is likely produced using forced labor from the Uyghur minority in China's Xinjiang province, in violation of the U.S. Uyghur Forced Labor Prevention Act (UFLPA). Temu allegedly has no system in place to ensure UFLPA compliance. The U.S. House Select Committee on the Chinese Communist Party has revealed disturbing information about Temu's failure to comply with American laws prohibiting the use of forced labor by Uyghurs. Temu admitted to the Select Committee that it "does not have a policy in place to prohibit the sale of goods from Xinjiang—the location of the CCP's ongoing genocide against the Uyghurs—on [their] platform." Furthermore, the Select Committee found that "Temu conducts no audits and reports no compliance system to affirmatively examine and ensure compliance with the UFLPA," relying instead on its China-based suppliers to voluntarily report violations of "boilerplate terms and conditions that prohibit the use of forced labor." Based on the evidence collected, the Select Committee concluded that Temu's poor compliance system "virtually ensures that shipments from Temu containing products made with forced labor are entering the United States on a regular basis, in violation of the UFLPA."
Sign-Up Scams and Deceptive Incentives: Temu uses tactics such as "affinity scams" or "chain-letter-like" schemes, offering credits and free items to users who invite friends to sign up. This allegedly leads to a barrage of emails and spam notifications.
Fake Reviews: Temu allegedly compensates users to write reviews, which are "obviously skewed positive." In some cases, negative reviews are automatically "upgraded" to a 5-star rating.
Intellectual Property Infringement and Misleading Origin
Temu is accused of allowing the proliferation of products that infringe copyrights and other intellectual property, despite claiming a "comprehensive" policy to that effect. The process for reporting violations is allegedly cumbersome and ineffective, making it difficult for rights holders, especially small businesses, to assert their claims. Consumers in Nebraska are allegedly harmed by the proliferation of counterfeit and often low-quality imitations.
Specifically, Temu advertises and sells products with traditional Nebraska brands such as Union Pacific, Cabela's, the University of Nebraska Cornhuskers, and the Creighton Bluejays, falsely presenting them as authentic and licensed. Additionally, Temu uses a "local" tag for products shipped from warehouses in the United States, misleading consumers into believing they are supporting local businesses, even if the products originate from China.
"Greenwashing"
To incentivize purchases, Temu claims to donate a portion of sales to a "Tree Planting Program" with the organization "Trees for the Future." However, the complaint notes that the percentage of sales actually donated is extremely small (less than 0.03% of Temu's total revenue in 2023), and this is not disclosed to customers, creating a misleading image of environmental sustainability.
Specific Counts
The Nebraska Attorney General has formulated four main counts, based on state consumer protection laws and deceptive trade practices:
Violations of the Consumer Protection Act – Privacy Harms (Neb. Rev. Stat. § 59-1602 et seq.):
The complaint accuses Temu of "unfair" or "deceptive" acts and practices in trade, specifically for the covert collection and exfiltration of PII (Personally Identifiable Information) from users via an app designed to evade detection. Apple and Google's intervention in suspending related apps is cited as evidence of the extreme nature of the conduct.
Violations of the Consumer Protection Act – Commercial Harms (Neb. Rev. Stat. § 59-1602 et seq.):
The complaint pertains to the described deceptive commercial practices, including false representations of product quality, misleading reference pricing, unauthorized charges, and the use of forced labor.
Violations of the Uniform Deceptive Trade Practices Act – Privacy Harms (Neb. Rev. Stat. § 87-301 et seq.):
The complaint specifically highlights false or misleading statements in the privacy policy and the collection of personal data without consent. This also references Apple and Google's intervention and the hidden nature of the violations.
Violations of the Uniform Deceptive Trade Practices Act – Commercial Harms (Neb. Rev. Stat. § 87-301 et seq.):
The complaint covers a wide range of deceptive commercial practices, including "passing off" goods as those of another, causing confusion about product origin, using misleading geographic origin designations ("local"), false advertising, false statements about price reductions, and employing referral or chain referral sales techniques.
The Nebraska Attorney General seeks a permanent injunction preventing Temu from acquiring, maintaining, and otherwise utilizing Nebraska residents' PII, from allowing widespread intellectual property infringement, and requests civil penalties, direct economic damages for each affected Nebraska resident, and the payment of all costs and fees for the legal action.
The Broader Context: China's Systemic Challenge to the Western Economy
The legal action against Temu is not an isolated incident but reflects a growing concern in the United States and other Western countries regarding Chinese companies' business practices and their implications for national security and the economy.
China's Predatory Mercantilism:
Temu's business model, characterized by extremely low prices, aggressive user acquisition, and alleged illicit data collection and intellectual property infringement, is often cited as an example of "predatory mercantilism." This approach, supported or tolerated by the Chinese state, aims to dominate global markets, acquire data and technology, and weaken foreign competition. Practices attributed to the Chinese government contributing to this model include:
Fiscal stimulus, tax cuts, and incentives: Includes access to cheap or free land, low-interest credit, and easier access to securities markets.
Antitrust policy directed against disadvantaged competitors: Favors Chinese enterprises over foreign ones.
Privileged government procurement: Chinese enterprises benefit from preferential treatment.
Currency manipulation: To make Chinese products more competitive abroad.
Export financing: Granted above OECD guideline levels.
Tariffs and domestic market shares: The government allocates market shares to Chinese enterprises.
Hardball (unscrupulous) policy for foreign market access: Includes support for foreign corrupt business practices.
Tax incentives and R&D subsidies favorable to Chinese enterprises: To promote their growth and innovation.
Limited export control regime: Which can facilitate the transfer of sensitive technologies.
Market entry bans and other preferential policies: To protect and favor domestic enterprises.
Distortion of prices and costs throughout its economy: Pertains to energy, wages, and raw materials, to export undervalued goods and services worldwide.
Overcapacity and economic coercion: Tools used to impose its economic will.
Acquisition of technology, intellectual property (IP), and know-how: Through illicit, coercive, or secret means.
National security/intelligence laws: Requiring the transfer of data, information, and technology to Chinese authorities.
National technology standards: Used as a commercial weapon for the benefit of Chinese companies (e.g., WLAN authentication and privacy infrastructure or WAPI, draft CPU/OS/ standards for Chinese computers, and 5G cell phone standards).
Corporate social credit system: To monitor and influence corporate behavior.
Unconventional warfare: Including drug, economic, financial, business, trade, resource, regulatory, legal, educational, media, propaganda, industrial, cyber, and DarkNet warfare.
Impact on Nebraska Consumers
The complaint highlights that Nebraska consumers have suffered and continue to suffer harm due to the invasion of privacy stemming from the deceptive and unconscionable acquisition and possession of their PII by the defendants. Nebraska citizens have a reasonable expectation of privacy in the PII contained on their mobile devices, as well as in their autonomy interests of the mobile devices themselves. Many categories of data and information collected are considered particularly sensitive, such as physical and digital location tracking data, which can reveal private living patterns, including where they work, reside, and attend school, and can expose deeply private and personal information about health, religion, politics, and intimate relationships.
The Data War
In a digital age, data is the new currency. The alleged massive and covert collection of personal data by Temu, especially granular geolocation, lists of apps and accounts, and user behavior data, is an immense strategic asset. If this data falls into the hands of the Chinese government, as suggested by the complaint, the implications for individual privacy and national security are profound. It can be used for espionage, political influence, or to fuel artificial intelligence algorithms for China's benefit.
Precedents and Government Reactions
The suspension of the Pinduoduo app (Temu's parent) by Google for malware, the banning of Temu from government devices in Montana, and congressional investigations in the United States into Temu demonstrate that Nebraska's concerns are not isolated.
Other American States and Temu:
The investigation reveals that Nebraska is not the only state to have taken action against Temu or expressed concerns.
Arkansas: As mentioned, the current situation stems from a previous lawsuit filed in 2024 by Arkansas Attorney General Tim Griffin against Temu.
Montana: The State of Montana recently banned the Temu app—along with other popular apps "tied to foreign adversaries" such as TikTok, WeChat, and Telegram—from government devices due to significant threats to user security and privacy. Montana Attorney General Austin Knudsen, along with Attorneys General from 20 other states (Alabama, Alaska, Florida, Georgia, Idaho, Indiana, Iowa, Kansas, Louisiana, Mississippi, Missouri, Nebraska, New Hampshire, North Dakota, Oklahoma, South Carolina, South Dakota, Tennessee, Virginia, West Virginia), sent a letter to Temu and PDD Holdings Inc. on August 15, 2024. In the letter, the Attorneys General express "serious concerns" about Temu's compliance with state consumer protection laws, specifically citing Temu's non-compliance with the UFLPA and its "likely (and extensive) violations" of federal law. Montana also expressed additional concerns about Temu's and PDD Holdings' data collection practices, believing that Temu is obligated to collect and send Montana consumer data to the CCP on demand. With the Montana Consumer Data Privacy Act taking effect on October 1, 2024, Montana fears Temu will flout Montana law given the CCP's history of using CCP-affiliated companies to target and track U.S. consumers. The letter demanded that Temu and PDD Holdings clarify the following points within 30 days:
Whether Temu or PDD Holdings collects U.S. consumer data, and if so, the type of data collected (including consumer preferences, biometric data, political leanings, health data, race, religion, or sex), the rationale for such collection, and how consumers are notified.
How U.S. consumer data is retained and stored, and what security measures are in place to prevent unauthorized third-party access.
Whether the CCP or its affiliates have requested or received data on U.S. citizens, and the number of such directives or requests received, and what data was requested and whether any data was turned over.
What consumer data Temu or PDD Holdings retains when an individual consumer requests their data be deleted, or their account deactivated.
Whether Temu or PDD Holdings sells U.S. consumer data, to whom, and with what safeguards for U.S. consumer identities. Also, the percentage of profits attributable to retail sales versus data sold to third parties.
Whether former CCP members are on PDD Holdings' executive leadership team and have access to U.S. consumer data, and the nature of their access.
How Temu certifies that products sold on its platform are not produced by slave labor.
All past and currently employed measures by Temu, including internal or external audits, or any rules and guidelines imposed on third-party vendors or suppliers.
How Temu warrants to consumers the products sold on its platform do not involve the use of slave labor.
Given that Pinduoduo (Temu's sister app), also owned by PDD Holdings, was removed from Google Play in 2023 after experts discovered malware that could be used to spy on users, whether the same app developer created the Temu app and what measures Temu has taken to ensure the app is free of malware or other spying programs.
What steps Temu or PDD Holdings takes to notify consumers that products sold on its platform are subject to safety recalls and to warrant the safety of products sold on its platforms.
U.S. Congress: The complaint cites a "congressional investigation" into Temu, based on "concerns about Temu and the amount of data collected." The House Select Committee on the Chinese Communist Party also published an Interim Report titled "Fast Fashion and the Uyghur Genocide," which concludes that "Temu does not have any system to ensure compliance with the Uyghur Forced Labor Prevention Act (UFLPA). This all but guarantees that shipments from Temu containing products made with forced labor are entering the United States on a regular basis, in violation of the UFLPA."
Conclusion: A Broader Battle
Nebraska's lawsuit against Temu is more than a simple consumer protection dispute. It is a chapter in the growing "technological and influence war between the United States and China." Temu's practices, if proven, represent a direct challenge to data sovereignty, fair competition, and national security. The outcome of this lawsuit, and others like it, could have profound implications for how Chinese companies operate in Western markets and for the protection of citizens' data globally.
The European Union's stance on Temu highlights a growing convergence of concerns at the international level. While not directly cited in the Nebraska complaint, the EU has shown increasing interest in the practices of Chinese e-commerce platforms. The EU, through the Digital Services Act (DSA), designated Temu as a "Very Large Online Platform" (VLOP) starting May 17, 2024, imposing stricter obligations on it regarding transparency, content moderation, and the fight against the sale of counterfeit or unsafe products. This designation also entails greater oversight of Temu's algorithmic systems and the management of systemic risks, including those related to the dissemination of illegal or dangerous goods.
In October 2024, the European Commission initiated formal proceedings to assess whether Temu may have violated the Digital Services Act in areas related to the sale of illegal products, addictive service design, systems used to recommend purchases to users, and data access for researchers. This decision followed preliminary analyses of the risk assessment report provided by Temu at the end of September 2024, responses to the Commission's formal requests for information on June 28, 2024, and October 11, 2024, as well as information shared by third parties and through the cooperation mechanism with national authorities (particularly with the Irish Digital Services Coordinator). Specifically, the investigation focuses on:
Temu's systems to limit the sale of non-compliant products in the European Union, including systems aimed at limiting the reappearance of previously suspended dishonest traders known for selling non-compliant products, as well as systems aimed at limiting the reappearance of non-compliant goods.
The risks associated with addictive service design, including game-like reward programs, and Temu's systems to mitigate risks arising from such addictive design, which could have negative consequences for a person's physical and mental well-being.
Compliance with Digital Services Act obligations related to how Temu recommends content and products to users, including the obligation to disclose the main parameters used in Temu's recommendation systems and to provide users with at least one easily accessible option that does not rely on profiling.
Compliance with the Digital Services Act obligation to allow researchers access to Temu's publicly accessible data.
The will of Attorney General Hilgers to "protect Nebraska consumers, brands, businesses, creators, and children from Temu's unlawful practices, hold Temu accountable, and put a stop to its conduct" is a clear signal that tolerance for business models perceived as predatory and linked to authoritarian regimes is waning, both in the United States and in other key jurisdictions.
댓글