> Last Monday, TechCrunch reported that Pinduoduo was pulled from Play after Google discovered a malicious version of the app available elsewhere

Google got in front of one for once. I knew they could do it!

Hopefully that’s good omen.

The sooner malicious apps are taken down, the better it is for all Android users.

it remind me when facebook tried to buy phone exploits too to built it in their app, i don't remember from who - wasn't from cellebrite?

Edit, it was from NSO

The blanket denial sums it up for me

And yet, they needed (what appear to be) two whistleblowers and a security to point them to this. None of this was discovered by Google themselves - others tipped them off.

What. The. Actual. Fuck?! I seem to have completely missed this. How come there was not more of an outcry about this? That's horrific! Thanks for sharing, mate!

Does it? So what if they didn't actually put the exploit in, what would you have them do then? The article states that the origin and nature are as of yet unknown.

[removed]

Um I dunno, maybe explain in detail how it couldn't have been them, maybe?

Probably because

1. It's a claim.
2. The devil is in the detail. They were probably not shopping for an exploit, but for other monitoring software. The article indicates as much.

The "phone exploits too to built it in their app" from parent is not really supported in the article.

I don't think the article supports your "phone exploits too to built it in their app" claim, though.

But it could be them, so that’s not really possible. You wouldn’t believe any explanation anyway. But it could also not be them.

[deleted]

If it is not them then they should have said it is likely from malicious third party