From Arkansas Attorney General Tim Griffin who filed the lawsuit:
> Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place.
Pretty scary/shocking if this is true
Also from the lawsuit:
>App store security scans don't flag Temu's risks, the complaint alleged, because Temu can "change its own code once it has been downloaded to a user’s phone"—which means it's essentially able to transform into malware once it is past the security checkpoint.
I really want to know if the above is actually possible? I would assume this would break code signing
Reading that report more closely, it appears that the app has many characteristics the analysts considered suspicious but there's no evidence that it can actually bypass OS-level restrictions. The report is from September 2023 so if there were actually Android bugs that allowed permissions bypass I would have expected more security reporting from Google or third parties by now.
> Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place.
Pretty scary/shocking if this is true
Also from the lawsuit:
>App store security scans don't flag Temu's risks, the complaint alleged, because Temu can "change its own code once it has been downloaded to a user’s phone"—which means it's essentially able to transform into malware once it is past the security checkpoint.
I really want to know if the above is actually possible? I would assume this would break code signing