If this report is true, it would reflect poorly on Apple and Google more than Temu.
iOS does have protections in place that prevent an App from modifying its own executable code; the current argument about Emulators in the EU is showing that Apple is very strict when it comes to this sort of thing.
Even if the App was able to reconfigure itself to access data it does not have permission to access, it still needs to ask for permission.
I assume Google have similar protections in Android.
From the report; “THIS REPORT AND ALL STATEMENTS CONTAINED HEREIN ARE THE OPINIONS OF GRIZZLY RESEARCH LLC AND ARE NOT STATEMENTS OF FACT.”
In other words, Grizzly Research didn’t do any research and are just making shit up.