If this report is true, it would reflect poorly on Apple and Google more than Temu.
iOS does have protections in place that prevent an App from modifying its own executable code; the current argument about Emulators in the EU is showing that Apple is very strict when it comes to this sort of thing.
Even if the App was able to reconfigure itself to access data it does not have permission to access, it still needs to ask for permission.
I assume Google have similar protections in Android.