Millions of iPhone and Android users are being warned about serious risks from certain free apps they’ve installed. A new report from the Tech Transparency Project (TTP) highlights a list of apps, mainly VPNs, that could be sending your sensitive data to companies potentially linked to the Chinese government. This isn’t just about privacy; it’s a significant security concern.
Contents
The key takeaway is simple: Many popular free apps, particularly those promising online privacy like Virtual Private Networks (VPNs), might have hidden ownership ties that put your personal data at risk. It’s crucial to check the apps on your device against the list provided and understand why “free” often comes with hidden costs.
Why Are These Apps Raising Red Flags?
These apps are mostly VPNs, tools designed to make your online activity more secure and private by routing your internet traffic through a different server. You might use one to protect yourself on public Wi-Fi or access content restricted in your area.
However, the TTP report, building on previous findings, reveals that many free VPNs available on both the Apple App Store and Google Play Store are secretly linked to Chinese companies. Experts warn these apps could be doing the exact opposite of what they promise – instead of protecting your data, they might be collecting it.
“Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies,” TTP states. Despite being flagged before, many of these high-risk apps remain easily available for download.
The China Connection: It’s About Law
This isn’t just about who owns a company; it’s about where they operate. China has national security laws that require companies based there to cooperate with state intelligence efforts. This means any data handled by these companies could potentially be accessed by the Chinese government.
As TTP explains, “China has enacted a series of national security laws… requiring that China-based organizations and individuals cooperate with state intelligence work.” This can include demanding access to data and even forcing companies to build backdoors into their software.
Experts like Vijay Dilwale from Black Duck point out that “Chinese law requires collaboration with state intelligence efforts by businesses. This is not optional, but legislation. As a result, all information traveling through these apps could possibly be available for the Chinese government to access.” This is a critical point that turns a privacy concern into a national security issue, especially for anyone handling sensitive information or needing their location private.
Young man using a smartphone late at night, highlighting the risk of data privacy when using certain free apps like dangerous VPNs.
Free Apps Aren’t Always Truly ‘Free’
Cybersecurity experts often say, “If you aren’t paying for a product, you are the product.” This is particularly true for many free apps, including some VPNs. While they cost you no money upfront, they might cost you your privacy.
These free VPN services often record your online activity, inject annoying ads into your browsing, or even sell your browsing history and personal data to third parties. Beyond potential data collection, TTP found that while listed as “free,” some of these apps push in-app purchases, further blurring the lines of transparency. This lack of clarity about what you’re really getting (and giving away) is a major red flag.
What About Apple and Google?
Critics argue that Apple and Google, the gatekeepers of their respective app stores, aren’t doing enough to protect users. Despite warnings about the opaque ownership and potential risks of these apps, they remain listed and easily downloadable.
“Despite being made aware of glaring privacy failures and opaque corporate structures, Google and Apple continue to permit these high-risk apps on their platforms,” says Simon Migliano of Top10VPNs. While both companies have policies about data sharing and enforce app store rules, experts say vetting is inconsistent, especially when developers use complex structures to hide their true ownership.
According to Randolph Barr at Cequence Security, “Apple and Google can and should do more to mitigate the national security and privacy risks posed by VPN apps with undisclosed foreign ownership.” The difficulty in truly vetting apps developer ownership requires significant effort, which platforms have been slow to scale.
Is Your Data Safe? More Than Just Privacy
For most users, the concern is personal privacy – keeping their browsing history and location secret. But for some, the risks are higher. If you handle sensitive work data on your phone, or if your location is a security concern, using a VPN with hidden, potentially state-linked ownership is particularly dangerous. These apps access all your internet traffic, creating a potential pipeline for sensitive information.
The potential for these free VPNs to form large networks of user devices (proxy exit nodes) also raises concerns. As James Maude from BeyondTrust notes, such networks could “potentially be misused to both target and surveil identities but also provide a mechanism to exploit them.”
What You Should Do Now
Given these serious warnings, the most important step you can take is to check the apps currently installed on your iPhone or Android device.
If you find any of the apps listed below, cybersecurity experts strongly urge you to delete them immediately. Simon Migliano warns, “The risks are too great” to keep them installed.
Beyond deleting the risky apps, be cautious about downloading free VPNs in the future. While official app stores offer a layer of safety compared to downloading from random websites, they are not perfect guarantees against risky apps. If you truly need a VPN for security, privacy, or accessing content, research and choose a reputable, paid service with a clear no-logs policy and transparent ownership. As PC Mag and other experts suggest, for reliable security and privacy, a paid VPN is almost always the safer choice.
The recent news regarding potential state-level restrictions on online content, like the US Supreme Court ruling favoring state bans on adult content without age checks, has led many to seek out VPNs for workarounds. This makes it even more likely users might stumble upon and download these potentially dangerous free options.
The Apps on the List
Here are the apps flagged by the Tech Transparency Project on both major app stores:
Apple App Store:
- X-VPN – Super VPN & Best Proxy
- Ostrich VPN – Proxy Master
- VPN Proxy Master – Super VPN
- Turbo VPN Private Browser
- VPNIFY – Unlimited VPN
- VPN Proxy OvpnSpider
- WireVPN – Fast VPN & Proxy
- Now VPN – Best VPN Proxy
- Speedy Quark VPN – VPN Proxy
- Best VPN Proxy AppVPN
- HulaVPN – Best Fast Secure VPN
- Wirevpn – Secure & Fast VPN
- Pearl VPN
Google Play Store:
- Turbo VPN – Secure VPN Proxy
- VPN Proxy Master – Safer Vpn
- X-VPN – Private Browser VPN
- Speedy Quark VPN – VPN Master
- Ostrich VPN – Proxy Unlimited
- Snap VPN: Super Fast VPN Proxy
- Signal Secure VPN – Robot VPN
- VPN Proxy OvpnSpider
- HulaVPN – Fast Secure VPN
- VPN Proxy AppVPN
Note: The Android app vpnify was also included in TTP’s initial report but has since stated they have relocated outside China and are working to update their information with TTP.
The critical message is to prioritize your digital safety. Don’t blindly trust free apps, especially those dealing with sensitive data like VPNs. Check your phone today.
For more insights on protecting your digital life, explore our other articles on online security and privacy.
