Google has suspended the Play version of the Chinese shopping app Pinduoduo made by Chinese ecommerce giant PDD Holdings after discovering malware in off-Play versions of the software.
The move comes after multiple Chinese security researchers reported that Pinduoduo Android versions contained malware designed to monitor users. While Google Play Store is not available in China, malicious versions of the app were discovered on the custom app stores of some electronics companies like Samsung, Huawei, Oppo and Xiaomi, according to tech news site TechCrunch.
A Google spokesperson said that the tech giant is investigating the matter and suspended downloads of the Play Store version of Pinduoduo as a security precaution.
“Google Play Protect enforcement has been set to block installation attempts of these identified malicious apps. Users that have malicious versions of the app downloaded to their devices are warned and prompted to uninstall the app,” the Google representative said.
Shawn Chang, founder and chief executive officer of Hong Kong-based security firm HardenedVault, told Bloomberg that based on publicly available information PDD appears to have used “nday/0day exploits, targeting Android parcel serialization/deserialization to gain system privileges.”