I hate Temu, but this (apparently contracted?) Grizzly Reports report isn't really all that trust inspiring, tbh.
Our experts identified a stack of software functions that are completely inappropriate to and dangerous
The stack difference to the Amazon app they list:
Package compile
Requesting system logs
Some code obfuscation
Mac address collection
Install permission
Wake lock
Meh. That's just a sliver worse than your regular, off the shelves proprietary corporate app. I don't see how they can pull off the promise of being a truly dynamic Android app from that report.
I do believe they hover up data, but they aren't otherworldly super hackers. They will probably just ask for the data and the users will hand it over in a second. For most people, it really is that simple.