Temuthe Chinese fast fashion app that quickly conquered the European market, is once again in the spotlight over concerns about data security. In fact, we told you about a report from the National Cybersecurity Testing Institute (NTC) that raised some doubts about the app’s practices, indicating potential vulnerabilities related to dynamic code loading and advanced levels of encryption.
Despite the concerns, the NTC stressed that no critical security risks or evidence of unauthorized surveillance had emerged. The report highlighted how the Temu app uses a system of dynamic code loading which allows developers to change the behavior of the app without the need for official updates via the App Store.
While this approach can make features and user experience more flexible, it raises questions about transparency of operationssince it allows the app to modify contents and functions without the direct control of users. This, according to experts, could potentially open the way to vulnerabilities or abuse.
Furthermore, the report highlighted the use of advanced levels of encryption, which, while they can protect sensitive data from unauthorized access, could also hide unwanted activities. This raises concerns that transparency in data management is not fully guaranteed. However, the NTC also clarified that no concrete signs of unauthorized data transmissions were found.
Temu’s statements
In response to these allegations, Temu provided us with an official statement in which underlines its transparency and commitment to user safety. Temu highlighted that the dynamic code loadinga process that allows developers to modify the app without manual updates, does not pose a threat in itself.
According to the company, this system allows developers to customize the features and content of the app without having to release updates, ensuring a smooth user experience. Temu also pointed out that the use of this type of code is a common practice in many other applications, without necessarily implying risks to the security or privacy of users.
As for the advanced encryption technologies used by the app, Temu reiterated that these were implemented to improve data protection against unauthorized access. The company said that using additional encryption is a legitimate measure to ensure the security of sensitive data, and that there is no evidence that such encryption hides unwanted data transmissions.
As for the accusations of lack of transparency, the fast fashion giant emphasized its commitment to ensuring the protection of user data. The company shared the results of a security audits conducted by DEKRA, an independent certification that confirmed the app’s compliance with MASA (Mobile Application Security Assessment) security standards. He also recalled that he actively collaborates with cybersecurity platforms such as HackerOneinviting external researchers to identify and fix potential vulnerabilities.
Temu also guaranteed that all European user data is stored within the European Economic Area (EEA) and that any transfer of data to third countries takes place in full compliance with European legal regulations on privacy.
It also highlighted its transparency and security policy, ensuring that its operations are aligned with global e-commerce standards. Concluding he confirmed that the app continues to comply the same safety standards and data protection adopted by other highly successful e-commerce platforms, such as Amazon and AliExpress.