The privacy risks posed by Temu (and how to stay safe when shopping online)

If you’re interested in fashion, you’ll almost certainly have heard about Temu. This app allows customers to get heavily-discounted goods straight from China, though unlike platforms like AliExpress, it’s primarily focused on clothing and homeware. So what’s the problem? Well, Temu logs quite a bit of information about its users and another app owned by the same company actively developed malware to try and gain access to even more.

Another issue worth mentioning: the US has been trying to reduce China’s dominance in the tech industry of late. As such, it’s difficult to tell which concerns are based in fact and which are hyperbole. This post will attempt to break down what, if any, privacy risks there are with Temu, and what you can do to stay safe when using it.

How to stay safe while shopping on Temu

If you actually want your packages to arrive, you’ll have to give Temu some of your information. That said, it’s possible to reduce the amount of data this platform has and improve your privacy by following the steps below:

1. Start by creating a new email address, ideally one that doesn’t include your real name or date of birth
2. Consider signing up for a reputable VPN. These hide your true location from the sites you visit and ensure that Temu never logs your real IP address
3. Open up a browser you don’t normally use. For instance, if you rely on Chrome, use Edge or Firefox for the next steps.
4. Use your newly-created email address to sign up for Temu. Don’t login using a Google or social media account.
5. Don’t upload a profile photo. You may also want to misspell your name, because Temu cross-references it with other publicly-available data sources to learn more about you
6. Consider paying via prepaid card so that you don’t have to provide your bank details or PayPal information
7. When you’re done, clear your browser’s cookies and cache. This stops Temu from being able to reference previously-saved data the next time you visit

What does Temu’s privacy policy say?

Temu actually has slightly different privacy policies based on where you’re accessing the website from. This isn’t unusual (GDPR information isn’t relevant to users in the US, for instance), but it does mean that the app will handle your information slightly differently depending on your location. For simplicity’s sake, we’ll be discussing the American privacy policy.

Temu states that it collects the following data in the US:

• General profile data:  Full name, email address, password, and phone number
• Billing and shipping information: Saved addresses and credit card details
• Promotional data: Preferred prize, identity verification documents, any other details provided when entering draws, sweepstakes, or giveaways
• Content you create: Profile photos, comments, questions asked, sent messages, videos, and their associated metadata
• Identity documents: Any information provided during verification process, such as your Social Security Number or a photo of your driver’s license
• Social media info: If you login using a social media account, Temu can see your profile photo, username, and anything else that’s publicly-available
• Marketing and communications info: Customer support history, marketing preferences, and whether you’ve interacted with marketing communications in the past
• Demographic information: Your gender, age, postal code, and which city you live in
• Activity records: How long you use the app, what site you were on before visiting Temu, which pages you view, and what times you use the service
• Device data: Your operating system and version, device model, which browser you’re using, who your carrier is, screen resolution, IP address, location data, unique device identifiers, and hardware metrics such as how much RAM and storage your device has
• Contact information: If you allow it, Temu will gather data from your contacts list to help you invite others to the service
• Other data: Any other information you willingly provide to the service

Is Temu bad for privacy?

There’s no getting around it: Temu stores lots of information about you, your browsing habits, and your device. However, nothing in the list above isn’t also collected by eBay or Amazon.

A few real issues hang over this company, though, so let’s address those.

First, Temu is owned by PDD Holdings, a Chinese company. The Chinese government has influenced businesses to further state interests in the past but as Kastner and Pearson note in their 2021 report Exploring the Parameters of China’s Economic Influence, “Beijing frequently has trouble controlling economic actors”, meaning there’s no guarantee that Temu is actively sharing its information with the government or acting on its behalf.

Next, we’ll take a look at PDD Holdings itself. This company owns another shopping app, similar to Temu, called Pinduoduo. Allegedly, Pinduoduo had a team of around 100 developers looking for ways to exploit vulnerabilities in Android phones, and seemingly, they succeeded. In 2023, Pinduoduo was removed from the Google Play Store for containing malware. According to experts, Pinduoduo was able to gain access to data from other apps, prevent users from uninstalling it, and bypass Google Play’s update-verification process. The company denies these allegations but shuttered its exploit-development team soon after the news broke, moving many of these employees to Temu instead.

There’s no concrete evidence that Temu is trying to undermine its users’ privacy. We do know, however, that:

• Some large Chinese firms have helped the government in their surveillance goals
• Temu employs people who previously created malware for its parent company
• Temu collects a lot of identifiable user information
• Apple previously removed Temu from its store for misleading privacy labels
• The app’s code seems designed to be difficult to analyze. There are no bug bounty programs or records of external audits

Is Temu safe and legit?

Wondering if Temu is a legitimate service? Excellent – that means you’re already following one of our golden rules for shopping online: always be suspicious of deals that seem too good to be true.

Temu is a perfectly-legitimate shopping platform, albeit one with a spotty record on privacy. It has more than 100 million users in the US alone and was actually the most-downloaded free app on both the Google Play and Apple stores at the time of writing.

Now, like most large e-commerce sites, Temu does have plenty of scammers looking to take your money. We’d recommend familiarizing yourself with the most common online scams, such as people selling counterfeit goods, not actually sending your package, or asking you to move the conversation to a different platform. It’s a good idea to check seller feedback, and ask yourself why one seller is able to offer an item for so much cheaper than anybody else. If you are scammed, let Temu’s support team know and they’ll start the process of issuing you a refund.