You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

💡 Did you know?

⏺ If you can't accept iCloud Terms and Conditions... Learn more >

⏺ If you don't see your iCloud notes in the Notes app... Learn more >

User profile for user: AnaCatCaracal
AnaCatCaracal Author
User level: Level 1
6 points

Is the online shopping app TEMU dangerous for iOS?

I'm so sorry if this question sounds weird, but I have the Chinese online shopping app called ''TEMU'' and I've recently seen some information about it being a spying and tracking malware that can sell you personal information and bank account informaton. I have an iPhone, and my iOS version is iOS 16.6 (OMG I NEED TO UPDATE TO 17) and I am concerned if that inforamtion is true because some sources state that it is a malware, but some deny that. So, I decided to ask the question here, as here are smart people who can actually help you :)

I would be very grateful if somebody answeres my question 🥲

iPhone 12 Pro Max, iOS 16

Posted on Dec 14, 2023 3:04 AM

Reply
Question marked as Top-ranking reply
User profile for user: SravanKrA
SravanKrA
Community+ 2024
User level: Level 10
413,916 points

Posted on Dec 14, 2023 4:58 AM

iOS / iPadOS devices cannot be infected** with Viruses / Malware / Spyware unless you have intentionally downloaded spurious software or unauthorized apps directly from the internet and installed them on your device or/and have Jailbroken



**The primary reason for this is Sandboxing. All third-party apps are “sandboxed”, so they are restricted from accessing files stored by other apps or from making changes to the device. Sandboxing is designed to prevent apps from gathering or modifying information stored by other apps.


Security of runtime process in iOS and iPadOS - Apple Support



The sandbox on an iPhone is a security feature that creates a restricted environment for each app to run in isolation from other apps and the operating system. It is a core component of iOS's security architecture and plays a crucial role in making iPhones more secure.


In layman's terms:


The sandbox works by enforcing strict controls and limitations on app behavior, ensuring that each app has access only to the resources it needs to function properly. Here are some key aspects of the sandbox that contribute to iPhone security:


  1. Isolation: Each app on an iPhone operates within its own sandboxed environment, which means it has no direct access to the files, processes, or memory of other apps. This isolation prevents apps from interfering with one another, protecting user data and maintaining system stability.
  2. Restricted Resource Access: The sandbox restricts an app's access to sensitive resources such as contacts, photos, location data, and system settings. Apps must explicitly request user permission to access these resources, and users have control over granting or denying access. This helps prevent unauthorized data access and ensures user privacy.
  3. Limited File System Access: Apps can only access their own containerized storage area and specific system-provided directories. They cannot modify files outside of their designated areas or interfere with the operating system files. This prevents apps from tampering with critical system components.
  4. Code Execution Controls: The sandbox enforces restrictions on code execution, preventing apps from running arbitrary code or injecting malicious code into other apps or the system. It helps ensure that apps only execute approved code from their own sandboxed environment.
  5. App Review Process: Before an app is allowed on the App Store, it goes through a rigorous review process conducted by Apple. This review examines the app's functionality, security, and adherence to guidelines. It helps detect and remove malicious or poorly designed apps, minimizing the risk to users.


The combination of these sandboxing mechanisms helps create a secure environment on iPhones, protecting user data, maintaining system integrity, and preventing unauthorized access or interference between apps.



View in context

Similar questions

27 replies
User profile for user: hands4
hands4
User level: Level 4
2,246 points

Jul 1, 2024 10:07 PM in response to MrHoffman

I'm somewhat confused. Please clarify.


I searched the App Store for an iOS Temu app. I could not find it. Could you corroborate this for me?


The referenced Grizzly article includes strongly worded statements that the Temu App is indeed malware.


"Grizzly Research presents Smoking Gun evidence that PDD Holdings Inc.'s (NASDAQ:PDD) widely downloaded shopping app TEMU is the most dangerous malware / spyware package currently in widespread circulation. Because of the urgency of this finding, the entire first half of this report is dedicated to analyzing the decompiled the spyware aspects of the app's code, and the clever ways its owners use to hide numerous malicious functions. This analysis is backed by extensive expert commentary."


"TEMU app software has the full array of characteristics of the most aggressive forms of malware /spyware."


"Part 1: We Believe TEMU is the Most Dangerous App in Wide Circulation

Highly Dangerous Spyware / Malware Characteristics in TEMU app

Analysis of PDD’s app software by multiple experts is showing all the signs of red-flag concern. The calls to outside device data and functions that violate users’ privacy are far more aggressive than any well-known consumer shopping app.

Our experts identified a stack of software functions that are completely inappropriate to and dangerous in this type of software. TEMU uses them all."



Reply
User profile for user: hands4
hands4
User level: Level 4
2,246 points

Jul 1, 2024 10:43 PM in response to MrHoffman

Corrections:


I found Temu in the App Store on my iPhone. This gives me confidence that Temu on iOS is not malware. Thanks.


The Grizzly report includes strongly worded statements with ample evidence that the Temu app is malware. Does their analysis apply to Android and not iOS? Does iOS block these techniques, as you have stated?


From the Grizzly report:


, "1) Dynamic compilation using runtime.exec(). A cryptically named function in the source code calls for “package compile”, using runtime.exec(). This means a new program is created by the app itself.—

...

“That’s bad. That’s really bad, because if they are locally compiling packages, then they can literally do anything they want at any time. It means that you can’t analyze because the system is truly dynamic.” "

Reply
User profile for user: jerel183
jerel183
User level: Level 1
8 points

Jul 10, 2024 12:18 PM in response to AnaCatCaracal

It's understandable to be concerned about the security of apps on your phone. The concerns about the Chinese shopping app TEMU App being spyware or malware have been discussed, but there is no concrete evidence to confirm these claims. However, it's always good to exercise caution with any app that has access to your personal information and financial data.

Reply
User profile for user: hands4
hands4
User level: Level 4
2,246 points

Aug 12, 2024 8:44 AM in response to AnaCatCaracal

Correction. Temu is still in Apple Apps. iOS apps are harder to infect than Android ones and Apple scrutinized the Temu iOS app and found it to be safe.


Contrast this with Google. Temu included over a dozen malware attacks that Android allows and iOS does not. Then Google did not curate it, leading to millions of Android users infected with Temu malware.

Reply
User profile for user: hands4
hands4
User level: Level 4
2,246 points

Aug 26, 2024 8:10 AM in response to hands4

I'm sorry I posted this (erroneous social-media) link before someone corrected me. Temu is safe on iOS and Apple did not pull it. This is a quintessential example of Apple's superior security.


Temu used over a dozen malware-friendly Android libraries to steal info from millions of Android users. iOS includes none such libraries. You could drive a truck through some of the Android libraries. They enable self-modifying code that it can hide in the source code or can even be download while running. Apple does allow nefarious libraries.


This is also quintessential example of Open Source vs. proprietary software. Apple carefully curates apps in their store for malware. Neither Google nor the Open Source community curate Android apps (or they do an inadequate job at that). That's why millions of Android users were hacked by Temu.


Sorry again for referencing this unfortunate misinformation.



Reply
User profile for user: IdrisSeabright
IdrisSeabright
User level: Level 10
169,349 points

Oct 21, 2024 6:45 AM in response to davidesmith1950

davidesmith1950 wrote:

I am thoroughly discussed with your company.  Temu is a scam.  They tell you have 2 free gifts and when the order is placed it just mysteriously disappears, kind of like they planned it.  Total crooks. If someone wants to “introduce you to Temu”. Ask them how much they’re being paid…. Run…

Um, whose company? Certainly not mine. I work for a university, one small enough that I doubt you've had any contact with it. Apple isn't reading here. And nor, I suspect, is Temu.


If you don't approve of Temu's business practices, don't order from them.

Reply

Is the online shopping app TEMU dangerous for iOS?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up