@arstechnica I'll be honest, my bullshit detector is going off pretty loud. they're claiming that the malicious behaviour is in a "cryptically named function [... that] is not visible to security scans before or during installation of the app, or even with elaborate penetration testing" - then how did they find it? most of the claims read as if they've never seen an app permissions list before, looked at Temu's, and assumed malice because China Bad™