Researchers Uncover Chinese-Owned VPNs in Apple and Google Stores, Raising Concerns About Data Security

A recent report by the Tech Transparency Project has shed light on a concerning trend in the virtual private network (VPN) app market. Researchers found that both Apple’s and Google’s online stores offer free VPN apps owned by Chinese companies, which may be secretly sharing user data with the Chinese government.

According to the report, 20 of the top 100 free VPNs in the US Apple App Store showed evidence of Chinese ownership, with five of these apps having ties to Qihoo 360, a Chinese cybersecurity firm under US export-control restrictions due to alleged links to China’s People’s Liberation Army. Although three of these apps were eventually pulled from the store, two remained available in early May.

The report also identified 11 other Chinese-owned VPN apps on the Apple App Store, as well as four Qihoo 360-connected apps and seven other Chinese-owned VPNs on the Google Play Store. These apps may be sharing user data with the Chinese government, as Chinese law requires companies to assist national intelligence agencies and share customer data with Beijing.

Apple’s guidelines do require VPN apps to protect user data, but it is unclear whether Chinese-owned apps would be willing to comply with these rules. Google’s policies for VPN apps are less clear, but the company does require apps to be “transparent” about how they handle user data.

When reached for comment, neither Apple nor Google responded to questions about the apps or their policies related to data disclosure and app developers’ provenance.

The discovery of Chinese-owned VPN apps in the Apple and Google stores raises serious concerns about user privacy and data security. As the report highlights, the Chinese government may have access to communications flowing through these VPNs, putting users at risk of surveillance and data breaches.

A Threat to Global Security

The implications of this discovery extend far beyond individual user data. The Chinese government’s access to VPNs could potentially be used to disrupt global communication networks, compromise sensitive information, and even facilitate espionage.

What Can Users Do?

To protect themselves from potential data breaches, users can take several steps:

Research VPN apps thoroughly before downloading, looking for information about their ownership and data-handling practices.

Consider using VPN apps from reputable, non-Chinese companies.

Enable two-factor authentication and use strong passwords to secure accounts.

Regularly review and update software and apps to ensure they have the latest security patches.

By taking these precautions, users can minimize their risk of data exposure and protect their online security.