Popular Chinese shopping app Pinduoduo actually contains malware — delete it now

A picture of the Pinduoduo app running on an iPhone
(Image credit: Shutterstock)

Following the recent success of Temu, you might be looking for other online shopping apps with great deals. However, there’s one in particular you need to watch out for following a new warning from Google.

According to a new report from TechCrunch, the search giant has flagged several apps made by the Chinese e-commerce giant Pingduoduo as malicious since they contain malware.

In fact, over the last few weeks, Chinese security researchers have gone as far as to accuse the rising e-commerce company with 800 million active users of making Android apps with malware specifically designed to monitor users.

If you’re one of the people that has downloaded Pingduoduo looking for a great deal, you should immediately delete the app or risk having your shopping habits monitored and scrutinized by a Chinese company.

Not all of Pinduoduo’s apps contain malware

smartphone malware

(Image credit: Shutterstock)

Although several of Pinduoduo’s Android shopping apps have been found to contain malware, the official version — that up until recently was available on the Google Play Store — did not.

In a statement to Tom’s Guide, a Google spokesperson provided further insight on the matter, saying:

“Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect. Google Play Protect checks Android devices with Google Play Services for potentially harmful apps from other sources. Google Play Protect enforcement has been set to block installation attempts by these identified malicious apps. Users that have malicious versions of the app downloaded to their devices are warned and prompted to uninstall the app. We have suspended the Play version of the app for security concerns while we continue our investigation.”

What this means is that Google’s built-in security app, Google Play Protect is now warning users that have Pinduoduo installed that it may be malicious. At the same time, the official version of the app has been removed from the Play Store.

To make matters worse, a security researcher that spoke with TechCrunch anonymously told the news outlet that some of Pinduoduo’s apps have been exploiting zero-day flaws to hack users. However, in a statement, a company spokesperson rejected both Google and the security researcher’s claims.

How to stay safe from malicious shopping apps 

A hand holding a phone securely logging in

(Image credit: Google)

Besides having Google Play Protect enabled on the best Android phones, you may also want to install one of the best Android antivirus apps for additional protection from malware and other viruses.

As for trying out new shopping apps, you always want to be careful given how much information you need to provide to order items from them. Besides your address, you also have to provide your credit card information to complete an order. As such, if a shopping app is malicious, hackers have more than enough information to commit identity theft.

This is why you should stick to known and trusted apps and services when shopping online. Likewise, if a deal or even an app full of deals seems too good to be true, it probably is.

Pinduoduo’s official Android app may return to the Play Store eventually once Google completes its investigation into these claims the app is spreading malware.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.