We value your privacy

We use cookies to enhance your browsing experience and analyze traffic anonymously for internal statistical purposes. By clicking “Accept all,” you consent to the use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site.... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Cookie
    cookieyes-consent
  • Duration
    1 year
  • Description

    CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about site visitors.

  • Cookie
    _GRECAPTCHA
  • Duration
    180 days
  • Description
    This cookie is used by the Google reCAPTCHA service to protect the site from spam and abuse, distinguishing between real users and bots. It performs a risk analysis by collecting information on browsing behavior and device details, such as mouse movements, keystrokes, and technical data.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Cookie
    language
  • Duration
    1 anno
  • Description

    This cookie is used to store the user's language preference.

  • Cookie
    post_viewed_
  • Duration
    1 ora
  • Description

    This cookie prevents a single visit to an article from being counted multiple times when the page is refreshed.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Cookie
    _ga_*
  • Duration
    1 anno 1 mese 4 giorni
  • Description

    Google Analytics sets this cookie to count visitors to the page

  • Cookie
    _ga
  • Duration
    1 anno 1 mese 4 giorni
  • Description

    Google Analytics sets this cookie to calculate visitor, session, and campaign data and track site usage for site analytic reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

News

Temu App: security under fire

Is Temu dangerous? Let's examine the app's security issues, hidden risks, and potential data theft threats raised by cyber security experts.

Temu is dangerous

5 June 2025

Table of contents

  • The NTC report: two alarming red flags
  • Is Temu dangerous? The trust issue
  • How to protect yourself from potential risks
  • The Temu scandal and its impact on public image
  • Conclusion: stay aware, stay safe


Just five months ago, several tech news outlets were warning the public: Temu is dangerous.

The Temu app, which skyrocketed in popularity thanks to ultra-low prices and flashy ads, came under scrutiny for suspicious behavior and potential cyber security threats. Today, however, those red flags seem forgotten by most.

Meanwhile, Temu’s advertising is as aggressive as ever. So, it’s time to ask: is Temu app dangerous? Does Temu steal your data? Let’s break down what we know.

The NTC report: two alarming red flags

In December 2024, Swiss cyber security research firm NTC released an independent analysis that raised serious concerns about the Temu app.

While the report does not directly accuse the app of malicious behavior, it identifies two technical anomalies that could, if exploited, turn Temu into a vector for cyber attacks. Let’s explore both issues in greater detail.

1. Dynamic code loading: a hidden risk

The first red flag is the app’s ability to perform dynamic code loading. In practice, this means that the Temu app can change parts of its behavior on the fly by remotely downloading and executing new pieces of code, even without going through official updates on the Google Play Store or Apple App Store.

While this technique is not inherently illegal, it bypasses the security mechanisms normally enforced by official app marketplaces. The operating system has no way to validate this new code or monitor what it does.

In other words, Temu could modify its functionality in real time without user knowledge—adding features, altering operations, or, in the worst-case scenario, injecting malicious code capable of tracking user activity, stealing personal information, or even compromising the entire device.

This type of behavior is alarmingly similar to techniques used by mobile malware, and it’s one reason why experts warn of the potential for a Temu virus—an app that appears benign but silently evolves into a digital threat via stealth updates.

2. Additional encryption layers: security or obfuscation?

The second critical point concerns the use of additional layers of encryption within the Temu app.
Encryption, as we know, is a fundamental measure to protect user data from prying eyes.

However, in Temu’s case, researchers observed that the app adds a proprietary encryption layer on top of the already secure HTTPS channel.

This extra layer does not serve to protect data from external attacks, but rather makes it more difficult for security experts, independent researchers, or enterprise monitoring systems to analyze traffic.

In essence, the app not only hides what is being transmitted, but also where it’s going and how frequently. This behavior may be legitimate, but it could also mask the unauthorized transmission of sensitive data to remote servers, possibly located outside the European Union or in countries lacking adequate privacy protections.

This level of opacity makes it very difficult to understand if and when the Temu app is stealing data, and especially what kind of data is being collected: behavioral data? Personal information? Geolocation? Browsing history? All of these are plausible possibilities.

Taken individually, these two aspects could perhaps be interpreted as technical strategies to improve the app’s flexibility or efficiency. But the combination of both, in the absence of genuine transparency from the developer (China-based PDD Holdings), introduces a non-negligible level of risk—particularly for users who are more exposed or vulnerable.

In particular, professionals, corporate managers, political figures, or system administrators should consider the advisability of avoiding the use of the Temu app on devices containing sensitive or business-related data.

This is not a definitive condemnation, nor a guarantee that Temu is dangerous, but rather a set of technical signals that should not be ignored. Cyber security, after all, is not only about certainties—it is, above all, about prevention.

Is Temu dangerous? The trust issue

When we think about dangerous apps, we usually imagine obvious threats: malware that locks your phone, steals passwords, or floods you with ads. But the case of the Temu app is more nuanced.

Temu may not be dangerous because of what it does today, but because of what it could do tomorrow. And that’s where it hits the most sensitive nerve in cyber security: trust.

The risk lies in its “potential dehavior”

As detailed earlier, Temu has the technical ability to load remote code dynamically, bypassing the normal controls of Google Play or Apple’s App Store.

While not illegal per se, this is a method commonly associated with malware, spyware, or apps designed to change behavior without user consent.

A practicle example
Imagine that Temu silently introduces a background module—without a visible update—that starts tracking your location more frequently, accessing your contacts, or logging your device usage patterns. The user wouldn’t be notified, and neither Android nor iOS would necessarily detect it. Temu could do it — and you wouldn’t even know. This possibility, even if hypothetical, undermines the core of digital trust. Users install apps based on what they do at the moment of download—not what they might become later through unverified remote changes.

What happens to the data?

Now comes the key question: Is Temu stealing your data? The truth is, we don’t know—and that’s part of the problem.

Thanks to its use of additional proprietary encryption layers, the app obscures its network traffic, even from professional cyber security tools. That makes it extremely difficult to verify what data is being sent, how often, and to which destinations.

Even more concerning is the possibility that data could be transmitted to third-party serverslocated outside of privacy-regulated jurisdictions like the EU.

Could Temu be sending behavioral profiles, purchase history, or device identifiers to external actors? We can’t say for sure. But we can’t rule it out either. And in cyber security, a lack of transparency is already a red flag.

Marketing over security

Despite these concerns, Temu’s popularity is skyrocketing. Its aggressive advertising campaigns are omnipresent—on social media, mobile games, websites, even TV. The message is simple: cheap products, big discounts, flashy deals.

It’s a near-perfect lure for budget-conscious shoppers, especially younger users who may not be aware of privacy issues.

Search online for “Temu reviews” and you’ll find thousands of posts about shipping delays, product quality, and refund policies.

Very few mention Temu app security, data handling, or concerns like Temu stealing your data. This absence isn’t accidental—it’s a reflection of a marketing strategy that prioritizes experience over transparency.

The bigger pattern: it’s happened before

Temu isn’t the first app to raise such concerns.

Example
TikTok has been criticized for its massive collection of user data, with government investigations in the US and Europe. Even then, the app is “functional,” “fun,” “convenient” — but the technical architecture raises real concerns. The parallels are clear: popularity is no guarantee of security.

And Temu follows a disturbingly familiar pattern. In the end, the real question isn’t just is Temu dangerous, but rather: Can we trust an app that we can’t fully verify? Technology should empower users—not operate in the shadows. When an app’s structure prevents analysis, masks its behavior, and disables oversight, trust collapses. And in cyber security, a breach of trust is a risk in itself.

How to protect yourself from potential risks

When dealing with an app that lacks full transparency—as is the case with the Temu app—it’s essential to adopt a cautious, preventive approach.

Even in the absence of definitive proof of malicious behavior, many cyber security experts agree: good security is built on minimizing potential exposure.

1. Use Temu via browser, not the app

One of the safest choices is to avoid using the Temu app altogether. If you want to shop on the platform, do it through a web browser.

Modern browsers (like Chrome, Firefox, and Safari) sandbox website activity, meaning they severely limit what a site can do on your device.

Real-world example
When you use Temu in a browser, it can’t access your phone’s microphone, GPS, or contacts unless you explicitly allow it. On the other hand, a potentially dangerous Temu app could gain these permissions and keep running in the background.

2. Limit the app’s permissions

If you still choose to install the app, take a few minutes to manually review its permissions. On Android and iOS, you can go to Settings → Apps → Temu → Permissions and disable anything that isn’t essential.

Grant only the bare minimum. For example, Temu doesn’t need access to your camera, GPS, Bluetooth, or contacts to complete a purchase.

Example
If Temu requests Bluetooth access, ask yourself: Why would a shopping app need that? If the answer isn’t obvious, deny the permission.

3. Keep your operating system updated

Keeping your device’s operating system up to date is crucial. Security patches fix vulnerabilities that malicious apps can exploit.

Including those that use techniques like dynamic code loading, which the Temu app has been flagged for.

Example
In 2022, a series of Chinese-made apps were caught exploiting outdated versions of Android to perform unauthorized background operations. A similar behavior from Temu might go unnoticed if your device is not patched.

4. Don’t enter personal or banking information

Avoid entering any financial details directly into the Temu app. If you choose to make a purchase, opt for intermediary payment services such as PayPal, Apple Pay, or virtual cards provided by your bank.

Best practice
Use a virtual card with a spending limit. Even if Temu steals your data or leaks it to third parties, your primary bank account won’t be exposed.

Likewise, do not include your primary email, personal phone number, or tax code unless absolutely necessary.

Create a dedicated email account for online shopping, which helps isolate any spam, phishing, or data breaches linked to eCommerce platforms.

5. Consider uninstalling the app

If you manage sensitive information—whether as a business owner, IT administrator, lawyer, journalist, or executive—the safest option may be to uninstall the Temu app entirely. The small savings on discounted items are simply not worth the potential compromise of your personal or professional data.

Professional context: If you’re using the same smartphone for work and private use, and that phone contains confidential documents or client data, installing an app with uncontrolled code execution capabilities could put your entire organization at risk.

Is Temu dangerous? It depends on the context

In a private context, the impact of an app with opaque behaviors may seem marginal. But it doesn’t take much: unauthorized access to your camera, unencrypted transmission of your location, or collection of your purchase data can turn into profiling, invasive advertising, or outright identity theft.

In a corporate or institutional setting, however, the use of a potentially dangerous app like Temu could have severe consequences: leaks of sensitive files, exposure of professional contacts, or violation of data protection regulations.

In the end, cyber security is made up of everyday decisions. What you install. What you permit. What you update. These small choices define whether you’re secure or exposed. With Temu, one thing is clear: caution is not optional—it’s necessary.

Temu affair

The Temu scandal and its impact on public image

The Temu affair fits squarely into an ongoing and well-known discussion in the world of Western cyber security: the growing mistrust of apps developed by companies based in countries where privacy protections, source code transparency, and government oversight are less rigorous than in Europe or the United States.

In this landscape, Temu is not an isolated case, but the latest chapter in a broader series of controversies involving several major Asian tech players.

This has happened before: from TikTok to Huawei

There’s no shortage of precedents. Over the years, companies like Huawei, TikTok, Shein, and AliExpress have all faced scrutiny. Huawei was excluded from multiple 5G networks in Europe and the U.S. over alleged ties to the Chinese government and suspected backdoors in their hardware.

TikTok, meanwhile, continues to face government investigations in the United States, where it’s been banned from many official devices due to concerns about mass surveillance and profiling.

The Temu scandal is part of the same pattern but with a more subtle dynamic: it’s less visible in political discourse, yet deeply embedded in everyday user behavior, thanks to its addictive interface, ultra-competitive pricing, and gamified user experience that encourages compulsive use.

Concrete example
Users are encouraged to complete “missions,” refer friends, and join sweepstakes to earn discounts. Beneath this playful design, however, lies an aggressive engine for behavioral data collection—often without the user’s fully informed consent.

The strategy of normalization

One of the most troubling aspects of Temu’s impact on public perception is its normalization strategy: making the app feel like a routine part of daily digital life, while masking potential technical concerns with a clean, friendly design and a compelling, convenience-based narrative.

This is particularly effective with younger users, who are typically less concerned with privacy issues and more attracted to flash sales, giveaways, and gamified shopping mechanics.

According to AGCOM, Temu has surpassed 12 million unique monthly users in Italy alone, quickly approaching historic eCommerce giants like Amazon, Zalando, and Subito.

But this raises the question: how many of these users truly understand the risks they’re taking? And how many use the app passively, unconsciously—or worse, manipulatively influenced?

Example
A mother purchases home items through Temu after spotting a time-limited deal. She likely doesn’t realize that by installing the app and granting full permissions, she’s authorized the collection of her GPS location, Wi-Fi network details, and online behavior—all potentially shared with undisclosed third parties.

Impact on public image

Although Temu hasn’t yet faced significant institutional backlash, its reputation in cyber security circles is already compromised. The app has drawn attention from researchers, cyber security bloggers, and investigative journalists focused on digital surveillance and cyber risk.

At the enterprise level, more and more cyber security professionals are strongly advising against installing Temu on work devices, warning of the potential for unmonitored data access or leakage—particularly in corporate environments where sensitive client or operational data may be present.

Moreover, technical findings—like those reported by the NTC cyber security research group—are reinforcing the perception that Temu is a “black box”, difficult to audit, potentially dangerous, yet deeply woven into fast-consumption digital culture.

Fragile popularity

In the end, the real danger of the Temu scandal isn’t just technical—it’s cultural. It’s a warning sign that we’re entering an era where convenience wins over awareness, and popularity is mistaken for trustworthiness.

The Temu scandal is still an unfolding story. But unless we see clearer regulations, stronger transparency standards, and more investment in digital literacy, it likely won’t be the last.

Conclusion: stay aware, stay safe

Whether or not Temu is dangerous today, the bigger question is whether you’re comfortable using an app that couldbecome a threat.

In cyber security, ignoring warning signs is the easiest way to fall into a trap.

The advertising may be catchy. The prices tempting. But digital safety comes first. If you’re going to use Temu app, do so with open eyes—and strong protections.

Questions and answers

  1. Is Temu dangerous for your phone?
    Potentially yes, due to its ability to load remote code dynamically.
  2. Does Temu steal your data?
    No hard evidence exists, but its technical setup could allow for non-transparent data handling.
  3. Can I safely use Temu?
    Prefer using the browser version, and avoid sharing sensitive information via the app.
  4. Has Temu been officially accused of illegal behavior?
    Not directly, but cyber security experts are increasingly skeptical.
  5. Is Temu a virus?
    No, but its dynamic behavior resembles techniques used in malicious software.
  6. What are safer alternatives to Temu?
    Trusted platforms like Amazon and eBay, with transparent data policies.
  7. Can I make payments on Temu safely?
    Use intermediaries like PayPal rather than inputting credit card details directly.
  8. Is Temu monitored by European authorities?
    Not yet, but it could fall under future privacy and data investigations.
  9. Do online Temu reviews mention security risks?
    Rarely—most focus on product pricing and delivery times.
  10. What should I do if I feel the Temu app is unsafe?
    Uninstall the app and scan your device for unusual behavior.
8
To top