As Temu takes on fraudsters, its own alleged data privacy abuses loom large

The Chinese budget shopping site Temu is taking legal action against fraudsters operating fake Temu apps in the US. This is the latest in a spate of high-profile lawsuits that have beset Temu’s rapid US expansion during its first year in business.

Capitalising on Temu’s reputation as the “internet’s local dollar store”, some websites are prompting consumers to download counterfeit Temu apps by using domain names resembling Temu’s. Having lured in cash-strapped customers with tantalising discounts, scammers may then directly steal user details or infest their devices with malware.

“Fraudsters are posing as Temu on fake apps and websites to scam consumers. This not only damages our reputation but also hurts consumers who were deceived into believing they were engaging with genuine Temu platforms,” a Temu spokesman told the press in a statement.

According to the lawsuit, filed on 7 November, seven websites in the US have attempted to do this under domain names such as and

Owned by Pinduoduo’s parent company PDD Holdings but headquartered in Boston, Temu was founded just over a year ago and has been aggressively promoted on Facebook and Instagram ever since. Its discount-oriented model has proved successful amid a cost of living crisis, landing the app in the top spot on the US App Store downloads list for the better part of 2023.

As Temu cracks down on imposter sites to safeguard its users, the company itself has been accused of sweeping data privacy violations. In a class action lawsuit filed in Illinois this month, a group of Temu users assert that the app intentionally uses tools that “execute virulent and dangerous malware and spyware activities on user devices”.

The lawsuit quotes experts that say Temu gains access to “literally everything on your phone,” including the ability to read private messages and change phone settings. Similar to the current discourse around TikTok, these users and experts are concerned that the data Temu allegedly phishes from users could end up in the hands of the Chinese government and have wider implications for US national security.

Temu has denied the allegations, claiming it only collects data necessary for its operations and that it complies with data privacy laws.   


Join our newsletter