• dhork@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 months ago

    “Temu is designed to make this expansive access undetected, even by sophisticated users,” Griffin’s complaint said. “Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place.”

    That’s just nuts

    • paraphrand@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      5 months ago

      This is why companies like Apple are at least a tiny bit correct when they go on about app security and limiting code execution. The fact it aligns with their creed of controlling all of the technology they sell makes the whole debate a mess, though. And it does not excuse shitty behavior on their part.

      But damn

      And if they got this past Apple in their platforms. That’s even wilder.

    • dev_null@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      5 months ago

      Yeah, it is. It’s such an extraordinary claim.

      One requiring extraordinary evidence that wasn’t provided.

      “It’s doing amazing hacks to access everything and it’s so good at it it’s undetectable!” Right, how convenient.

      • GenitalHurricane@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        5 months ago

        Libmanwe-lib.so is a library file in machine language (compiled). A Google search reveals that it is exclusively mentioned in the context of PDD software—all five search results refer to PDD’s apps. According to this discussion on GitHub, “the malicious code of PDD is protected by two sets of VMPs (manwe, nvwa)”. Libmanwe is the library to use manwe.

        An anonymous user uploaded a decompiled version of libmanwe-lib to GitHub. It reads like it is a list of methods to encrypt, decrypt or shift integer signals, which fits the above description as a VMP for the sake of hiding a program’s purpose.

        In plain words, TEMU’s app employed a PDD proprietary measure to hide malicious code in an opaque bubble within the application’s executables

        • sndrtj@feddit.nl
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          5 months ago

          So wait, bit-shifting some integers is now considered being malicious? Is that really the defense here? Using that definition just about all software in existence is malicious.

          • fishpen0@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            5 months ago

            Bit shifting is not malicious on its own. Bit shifting to specifically conceal the purpose of your policy violating code from the auditors who audit the apps submitted to the App Store is malicious.

            It’s about why you are doing it and what you are doing with it and not that it’s bit shifting on it’s own.