Note added on August 21, 2024: This is a post the Natto Team published on May 26, 2023. It looks into China’s e-commerce company Pinduoduo (PDD) and its alleged hacking team after the Google Play store suspended PDD because of finding malware in some versions of the app. Our research indicates that PDD’s operating model - a social commerce model of “social network promotion for all people” has made it easy to hack users. The model analyzes users’ habits, interests and preferences to offer personalized push notifications and ads that attract users to use the app more often and place more orders. A white/black hat hacking team could combine these standard e-commerce functions – which are not necessarily illegal – with exploitation of mobile phone vulnerabilities to enable unauthorized access to user data and information. PDD figured out this shortcut early on in its explosive growth. Fortunately for users, the country’s top mobile vulnerability mining expert had the moral decency to ref…