Is Temu legit?

Temu has become an unavoidable brand. Unknown to most up to a year ago, the online retailer exploded onto the digital scene in the United States with lavish ads and a riveting social media campaign, and has started its takeover in Europe now, too. As it positions itself to take on Amazon, you may be wondering whether Temu is legit.

The short answer is that Temu may not be safe and presents serious privacy risks. Numerous reports show that behind the cheery exterior of the app lies a web of secrets that you may not want to be drawn into. Let’s go over how we come to that conclusion.

What is Temu?

Temu is an online retailer like many others: You can order online or via the Temu app and within a few weeks your products will arrive. Temu doesn’t seem to specialize much. It offers all kinds of products, from clothes, to pet toys, to electronics. The one thing Temu’s products have in common is that they’re cheap(new window), much cheaper than any of its competitors.

This is because Temu is less a store you buy things from, and more a broker that facilitates trade between Western consumers and Chinese factories. That also explains the longer delivery times compared to home-grown retailers; when you order on Temu, it’s coming all the way from the Middle Kingdom, not a fulfillment center down the road.

Temu’s origins

Temu is only new outside of China. Inside the world’s second-largest economy it has been doing business as Pinduoduo since 2015, with the pandemic acting as the catalyst for a massive growth spurt. Pinduoduo is reported to have as many as 790 million monthly users(new window), meaning more than half of the country’s 1.4 billion people are using the app every month. 

What’s even more impressive is that PDD Holdings, Pinduoduo and Temu’s parent company, has managed to do so with only a tiny number of employees(new window), seeming to offload much of its logistics to other companies. As a result, it’s a lean company, with little overhead.

At least, little overhead in the way of administrative staff. PDD spends a lot on marketing. To launch Temu in the U.S., it spent around $3 billion in 2023(new window) according to Bernstein Research, a firm that researches companies’ finances to figure out if they’re a good investment or not. That number does not include the presumably astronomical cost of Temu’s Super Bowl ad(new window), which aired last February.

Temu doesn’t just focus on TV, either. Its biggest push seems to be on social media, with an army of influencers great and small mobilized to hawk Temu and its wares. TikTok(new window), Instagram(new window), and Facebook(new window) have all been flooded with people ordering and receiving all kinds of great products for very little money. Unsurprisingly, the overall verdict has been positive.

The Temu app

However, what may be Temu’s biggest selling point is not its marketing or its products, but rather its app. Unlike any of its competitors, you don’t just use the app to make purchases. It’s designed to suck you in with games and prizes, ensuring you stay online. 

For example, there’s a game where you make a tree grow if you take proper care of it. Like anybody who has played Farmville will tell you, that’s addictive enough, but Temu will also reward you with some spending cash depending on how the tree does. If that isn’t all, to grow the tree to its full potential and keep it there, you need special in-game items which you can only get by scrolling the Temu app. No matter what you do on the app, it’s engineered to keep you there.

The effort to keep eyeballs glued to the app isn’t new; Google and Facebook do much the same in a bid to maximize their ad revenues. However, the blend between cheap goods — addictive in and of itself to many — smooth app, and games that try and get you hooked is entirely new in the retail space.

Temu and your data

It seems that PDD isn’t just interested in selling you goods. There are indications that it’s also engaging in the same kind of surveillance that Big Tech does. This is in part to sell you more stuff on its app, but it could also be put to political ends.

As a Chinese company, there’s a good chance that any data gathered by PDD’s apps could be used by the Chinese government — in fact, Chinese firms are forced to share data(new window) with the authorities. This is one of the main criticisms leveled at TikTok(new window), the wildly popular social media app currently facing bans(new window) in several Western countries. 

The speculation around Temu as a tool for the Chinese security service has some teeth to it: Google and Apple removed(new window) Temu and Pinduoduo’s apps from their stores because of security concerns, though Temu was reinstated after updating the app. 

More seriously, the Temu app collects a lot of data, and a lot of it seems to be more than is warranted by an online shopping app. Though cybersecurity researchers(new window) have found Temu’s data harvesting to be less egregious than that of the Pinduoduo app, which even collected information about your WiFi and Bluetooth networks, its privacy policy(new window) is vague enough that there’s a lot of wiggle room.

For example, a class action lawsuit(new window) filed in the US claims that the app collects biometric data as well as network information. If true, you may wonder what Temu could possibly be using this information for.

The worst condemnation of all comes from Grizzly Research, another stock research firm, which calls Temu “cleverly hidden spyware”. In its report(new window), the firm states that the Temu app is “the most dangerous malware/spyware package currently in widespread circulation,” allowing the app to siphon off data from the whole phone, unbeknownst to users. In fact, Grizzly Research claims that PDD has taken great pains to hide everything the app does.

The report goes on to claim that this may, in fact, be PDD’s true business model: selling data in truly massive quantities. According to Grizzly, the selling of cheap knock-off goods is an unsustainable business model, the real money is in data.

Grizzly’s allegations seem plausible in many ways. The addictive app that keeps people coming back time and again is a great way to sell goods — but an even better way to sell data. Add to that the way the business is set up, with very few staff and even fewer details on how anything works, and it’s easy to become very worried. It doesn’t help that Temu hasn’t responded in any meaningful way to these allegations.

Is Temu safe?

In light of the security and privacy risks and the company’s lack of transparency, it seems to us that Temu is not safe and you should probably not have it installed on your phone, let alone use it to buy anything. While sharp deals on dog toys and sweaters are attractive, you’re paying with your data when using Temu.

Sadly, it also seems like there is no good way to protect against these risks. The app is so intrusive, effectively mining the entirety of your phone, that tools like our VPN or hide-your-email aliases(new window) simply do not work. You can hide behind a VPN, but if you are logged in to the app and the app even has access to your WiFi connection, it doesn’t matter.

Protect your privacy and security online
Get Proton VPN free

Related articles

What is DNS security?
In this article, we’ll look at DNS security, what it means for your businesses, and how using Proton VPN provides your business with the DNS security it needs.  The Domain Name System (DNS) translates human-friendly domain names to numeric IP addres
Paris Olympics
The 2024 Summer Olympics in Paris begins this July. While you’ve likely already missed your chance to get a ticket and witness the best athletes from around the world in person, there are plenty of ways to enjoy the games from the comfort of your hom
Where to watch euros
Every four years, the entire continent of Europe turns its eyes to see who will be crowned as the continent’s champion of football (or soccer for the Americans).  This is the 17th edition of the UEFA European Football Championship, in which 24 natio
How to enable location services
Location services refer to a combination of technologies used in devices like smartphones and computers that use data from your device’s GPS, WiFi, mobile (cellular networks), and sometimes even Bluetooth connections to determine and track your geogr
What is AirTag stalking?
In an era of “smart devices” that often double as spy devices, AirTags are tracking tools that are open about their function and can be vital in helping locate lost items (as anyone who has lost their car keys can attest to). However, as a recent cla
How to fix a "Your connection is not safe" error
As you surf the web using your browser, you’ll no doubt encounter websites that your browser will refuse to load, instead showing some variation of an error message, such as Your connection is not private or Warning: Potential Security Risk Ahead.