Arizona Attorney General Kris Mayes has filed a consumer-protection lawsuit accusing Chinese e-commerce giant Temu of secretly harvesting massive amounts of sensitive data from Arizonans’ phones, deceiving customers with counterfeit goods and fake reviews, and posing what she called a grave threat to consumer privacy and security.
“We allege that Temu has repeatedly and willfully violated the Arizona Consumer Fraud Act and put the privacy of Arizonans, including minors, at extreme risk,” Mayes said in a Dec. 2 statement.
“Arizonans should be aware that behind Temu’s low prices and shiny advertising, there is real danger. The Temu app can infect users’ devices with malware to steal their private data while carefully hiding its tracks.”
Alleged Malware-Like Behavior
Arizona’s 79-page complaint alleges that the Temu app contains hidden technical features that allow it to access a user’s phone and potentially control parts of the device. According to the state, the app secretly gathers highly sensitive information—including a user’s precise location, access to the phone’s microphone and camera, lists of installed apps, Wi-Fi data, and other device identifiers—far beyond what a typical shopping app would need.
State investigators cited in the complaint say Temu employs techniques commonly associated with spyware, including multi-layer encryption that obscures data transmissions, code designed to evade security analysis, “root” and debugger detection, and the ability to rewrite its own code after installation through an internal tool known as “Manwe.”
Arizona alleges that these capabilities mirror those found in PDD Holdings’ earlier Chinese-market app, Pinduoduo, which Google suspended in 2023 after security researchers discovered malware exploiting Android vulnerabilities. A team of roughly 100 Pinduoduo engineers responsible for developing those exploits was later reassigned to Temu, according to the complaint.
These practices, the state alleges, create heightened national-security risks because Temu is owned by a Chinese company subject to laws requiring cooperation with the Chinese Communist Party’s (CCP’s) intelligence services.
“These privacy and security risks are compounded by the fact that Temu is owned by a Chinese company (PDD Holdings, Inc.), which itself is subject to Chinese law, including laws that mandate secret cooperation with China’s intelligence apparatus, to the exclusion of any data protection guarantees existing in the United States,” the complaint states.
Consumer Deception Claims
Alongside the data-security allegations, Arizona accuses Temu of misleading customers about its products. The complaint cites a pattern of advertising items that look nothing like the products delivered, fake reviews, unauthorized charges, bait-and-switch referral schemes, nonexistent prize offers, and counterfeit goods—including knockoffs of the Arizona Cardinals, Fender Guitars, and major Arizona universities.
“I will not stand by while a Chinese company vacuums up reams of sensitive data from Arizonans’ phones and profits from deception and abuse,” Mayes said. “We are taking Temu to court to stop these practices, protect Arizonans’ privacy, and hold Temu fully accountable under Arizona law.”
In response to a request for comment on the Arizona lawsuit, Temu said it denies the allegations and “will defend itself vigorously.”
“We help consumers and families access quality products at affordable prices. We work to keep costs down and maintain reliable supply so people can meet their needs without stretching their budgets,” a spokesperson told The Epoch Times in an emailed statement.
Temu creates “growth opportunities for businesses by offering a low-cost alternative to traditional gatekeepers,” the spokesperson said. “By providing another route to market, we return power and choice to local players, small and medium-sized businesses, and consumers.”
