Proton VPN homepage
ProtonVPN
Is Temu legit?

Temu has become an unavoidable brand. Unknown to most up to a year ago, the online retailer exploded onto the digital scene in the United States with lavish ads and a riveting social media campaign, and has started its takeover in Europe now, too. As it positions itself to take on Amazon, you may be wondering whether Temu is legit.

The short answer is that Temu may not be safe and presents serious privacy risks. Numerous reports show that behind the cheery exterior of the app lies a web of secrets that you may not want to be drawn into. Let’s go over how we come to that conclusion.

What is Temu?

Temu is an online retailer like many others: You can order online or via the Temu app and within a few weeks your products will arrive. Temu doesn’t seem to specialize much. It offers all kinds of products, from clothes, to pet toys, to electronics. The one thing Temu’s products have in common is that they’re cheap(new window), much cheaper than any of its competitors.

This is because Temu is less a store you buy things from, and more a broker that facilitates trade between Western consumers and Chinese factories. That also explains the longer delivery times compared to home-grown retailers; when you order on Temu, it’s coming all the way from the Middle Kingdom, not a fulfillment center down the road.

Temu’s origins

Temu is only new outside of China. Inside the world’s second-largest economy it has been doing business as Pinduoduo since 2015, with the pandemic acting as the catalyst for a massive growth spurt. Pinduoduo is reported to have as many as 790 million monthly users(new window), meaning more than half of the country’s 1.4 billion people are using the app every month. 

What’s even more impressive is that PDD Holdings, Pinduoduo and Temu’s parent company, has managed to do so with only a tiny number of employees(new window), seeming to offload much of its logistics to other companies. As a result, it’s a lean company, with little overhead.

At least, little overhead in the way of administrative staff. PDD spends a lot on marketing. To launch Temu in the U.S., it spent around $3 billion in 2023(new window) according to Bernstein Research, a firm that researches companies’ finances to figure out if they’re a good investment or not. That number does not include the presumably astronomical cost of Temu’s Super Bowl ad(new window), which aired last February.

Temu doesn’t just focus on TV, either. Its biggest push seems to be on social media, with an army of influencers great and small mobilized to hawk Temu and its wares. TikTok(new window), Instagram(new window), and Facebook(new window) have all been flooded with people ordering and receiving all kinds of great products for very little money. Unsurprisingly, the overall verdict has been positive.

The Temu app

However, what may be Temu’s biggest selling point is not its marketing or its products, but rather its app. Unlike any of its competitors, you don’t just use the app to make purchases. It’s designed to suck you in with games and prizes, ensuring you stay online. 

For example, there’s a game where you make a tree grow if you take proper care of it. Like anybody who has played Farmville will tell you, that’s addictive enough, but Temu will also reward you with some spending cash depending on how the tree does. If that isn’t all, to grow the tree to its full potential and keep it there, you need special in-game items which you can only get by scrolling the Temu app. No matter what you do on the app, it’s engineered to keep you there.

The effort to keep eyeballs glued to the app isn’t new; Google and Facebook do much the same in a bid to maximize their ad revenues. However, the blend between cheap goods — addictive in and of itself to many — smooth app, and games that try and get you hooked is entirely new in the retail space.

Temu and your data

It seems that PDD isn’t just interested in selling you goods. There are indications that it’s also engaging in the same kind of surveillance that Big Tech does. This is in part to sell you more stuff on its app, but it could also be put to political ends.

As a Chinese company, there’s a good chance that any data gathered by PDD’s apps could be used by the Chinese government — in fact, Chinese firms are forced to share data(new window) with the authorities. This is one of the main criticisms leveled at TikTok(new window), the wildly popular social media app currently facing bans(new window) in several Western countries. 

The speculation around Temu as a tool for the Chinese security service has some teeth to it: Google and Apple removed(new window) Temu and Pinduoduo’s apps from their stores because of security concerns, though Temu was reinstated after updating the app. 

More seriously, the Temu app collects a lot of data, and a lot of it seems to be more than is warranted by an online shopping app. Though cybersecurity researchers(new window) have found Temu’s data harvesting to be less egregious than that of the Pinduoduo app, which even collected information about your WiFi and Bluetooth networks, its privacy policy(new window) is vague enough that there’s a lot of wiggle room.

For example, a class action lawsuit(new window) filed in the US claims that the app collects biometric data as well as network information. If true, you may wonder what Temu could possibly be using this information for.

The worst condemnation of all comes from Grizzly Research, another stock research firm, which calls Temu “cleverly hidden spyware”. In its report(new window), the firm states that the Temu app is “the most dangerous malware/spyware package currently in widespread circulation,” allowing the app to siphon off data from the whole phone, unbeknownst to users. In fact, Grizzly Research claims that PDD has taken great pains to hide everything the app does.

The report goes on to claim that this may, in fact, be PDD’s true business model: selling data in truly massive quantities. According to Grizzly, the selling of cheap knock-off goods is an unsustainable business model, the real money is in data.

Grizzly’s allegations seem plausible in many ways. The addictive app that keeps people coming back time and again is a great way to sell goods — but an even better way to sell data. Add to that the way the business is set up, with very few staff and even fewer details on how anything works, and it’s easy to become very worried. It doesn’t help that Temu hasn’t responded in any meaningful way to these allegations.

Is Temu safe?

In light of the security and privacy risks and the company’s lack of transparency, it seems to us that Temu is not safe and you should probably not have it installed on your phone, let alone use it to buy anything. While sharp deals on dog toys and sweaters are attractive, you’re paying with your data when using Temu.

Sadly, it also seems like there is no good way to protect against these risks. The app is so intrusive, effectively mining the entirety of your phone, that tools like our VPN or hide-your-email aliases(new window) simply do not work. You can hide behind a VPN, but if you are logged in to the app and the app even has access to your WiFi connection, it doesn’t matter.

Related articles

s AliExpress reliable?
  • Privacy basics
Chinese shopping platform AliExpress is undoubtedly cheap. But is it also safe and reliable, or you are likely to get scammed?
How to fix a 502 error
In this article, we explain what a 502 bad gateway error is and explore possible ways to fix it as a visitor to a website.
Watch Thanksgiving Day football with Proton VPN
Here's how you can live stream this year's Thanksgiving football games using Proton VPN, whether you're watching from home or abroad.
Where to watch Macy's Thanksgiving day parade
Here's how and where to watch Macy's Thanksgiving Day Parade live from anywhere in the world with Proton VPN.
What we've been up to, and what's next
Here are the main things Proton VPN delivered this spring and summer and the exciting changes that lie ahead on our product roadmap this winter.
Proton VPN for Windows ARM
We’re pleased to announce a new Proton VPN app with native support for Windows devices that use the ARM chipset.