FBI Sounds Alarm: Chinese Apps on Your Phone May Be Feeding Data to Beijing

.

U.S. Federal Bureau of Investigation Issues Nationwide Warning About Foreign-Developed Mobile Applications

The FBI has issued a formal public warning to all Americans: millions of people are using smartphone apps that could be quietly sending their personal data to China — and users may have no idea it's happening.

In a Public Service Announcement released on March 31, 2026, through its Internet Crime Complaint Center (IC3), the FBI highlighted data security risks associated with foreign-developed mobile applications frequently used in the United States, noting that these concerns are global. As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China. The apps that maintain digital infrastructure in China are subject to China's extensive national security laws, enabling the Chinese government to potentially access mobile app users' data.

The bureau did not name specific apps — but the implications are far-reaching for everyday Americans.

What Happens When You Press "Allow"

Most people tap "accept" on permission requests without thinking twice. The FBI says that decision can have serious consequences.

When access is permitted by the user, the app can persistently collect data and users' private information throughout the device, not just within the app or while the app is active.

In other words: an app you gave permission to once may be running quietly in the background, collecting data around the clock.

The danger doesn't stop with the app's own users. Some platforms offer the option to invite friends or contacts to use the apps. With default permissions, developer companies can store collected data on users' private information and address books, such as names, email addresses, user IDs, physical addresses, and phone numbers of their stored contacts — giving the apps access to personal information belonging to both users and non-users in their contact lists.

Where Does the Data Go?

The answer, according to the FBI, can be found in the fine print — if anyone bothers to read it.

The apps' privacy policies list where the collected data, including personal information and system prompts, is stored. Some of the apps state that the collected data is stored on servers located in China for as long as the developers deem necessary.

Some apps do offer a locally downloaded version that may reduce cloud-based data transfers. But some apps require users to consent to data sharing in order to operate the platform — meaning there is no opt-out if you want to use the app at all.

Hidden Malware: The Worst-Case Scenario

Beyond routine data collection, the FBI raised an even more alarming possibility. Some apps may also contain malware that could collect data beyond what is authorized by the user. This could include malicious code and hard-to-remove malware designed to exploit known vulnerabilities in various operating systems and insert a backdoor for escalated privileges, such as enabling the download and execution of additional malicious packages designed to provide unauthorized access to users' data.

The risk is especially high for apps downloaded outside official channels. Downloading apps from unfamiliar websites or third-party app stores runs a higher risk of embedding malware. Official app stores scan for malicious content, lowering the risk of malware or malicious code on devices.

What You Can Do Right Now

The FBI's recommendations are straightforward and apply to all users, regardless of which apps they use:

The FBI recommends individuals disable unnecessary data sharing, only download verified apps from official app stores, change and update passwords regularly, perform regular device software updates, and read the terms of service or end user license agreement before downloading apps.

Anyone who suspects their data has already been compromised can file a report directly with the FBI's IC3 at www.ic3.gov.

States and Congress Are Already Acting

The FBI warning does not come in isolation. Across the country, elected officials have been pushing back against Chinese-linked apps for months.

In February 2026, Texas Attorney General Ken Paxton filed a wave of legal actions against companies with ties to China. Paxton sued PDD Holdings and WhaleCo — the companies behind Temu — for allegedly deceiving consumers while covertly harvesting personal data and exposing it to the Chinese Communist Party. Days later, he filed a fifth anti-CCP lawsuit in four days, this time targeting fast-fashion giant Shein for allegedly selling toxic products to consumers and unlawfully exposing sensitive personal data to the CCP. Shein has denied the allegations and stated it will contest them in court.

On Capitol Hill, Congressmen Jefferson Shreve (R-IN) and Pat Harrigan (R-NC) introduced the Securing Federal Devices from Chinese Applications Act to block applications developed, owned, or controlled by China or the Chinese Communist Party from being used on taxpayer-funded government devices. The bill is currently in committee.

A Broader Pattern: DeepSeek, TikTok, and VPNs

The FBI's alert is the latest chapter in a multi-year effort by U.S. authorities to address the data security risks posed by Chinese technology companies.

The bureau's PSA comes after China transferred operational control of TikTok's U.S. business in early 2026 to a majority American-owned joint venture led by Oracle, U.S. tech investment firm Silver Lake, and Emirati investor MGX — to avoid a ban following a 2024 law requiring parent company ByteDance to divest the platform over national security concerns.

Meanwhile, the AI tool DeepSeek — developed in China — was banned from government devices in Florida, New York, and Texas after raising similar data concerns.

A June 2025 report by the Tech Transparency Project warned that even virtual private networks (VPNs) — tools many people use to protect their privacy — may pose risks if owned by Chinese companies. The report cautioned that Chinese-owned VPNs have access to all of a user's web activity and can be legally required to share that data with Beijing under Chinese national security law.

The Bigger Picture

China's national security laws require companies operating within its borders to cooperate with state intelligence agencies upon request. That legal framework is at the heart of the FBI's concern: it doesn't matter where an app is popular — what matters is where its servers are located and who owns the company behind it.

For now, the FBI's message is clear: know what you're installing, check what permissions you're granting, and think twice before you press "allow."

.

Sources

1. FBI / IC3 Public Service Announcement, March 31, 2026: https://www.ic3.gov/PSA/2026/PSA260331
2. BleepingComputer – FBI warns against using Chinese mobile apps: https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-chinese-mobile-apps-over-to-data-security-risks/
3. Texas Attorney General – Lawsuit against Temu (February 2026): https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-files-fourth-anti-ccp-lawsuit-three-days-suing-temu-deceptive-marketing
4. Texas Attorney General – Lawsuit against Shein (February 2026): https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-files-fifth-anti-ccp-lawsuit-four-days-suing-global-fast-fashion-giant
5. Rep. Jefferson Shreve – Securing Federal Devices from Chinese Applications Act: https://shreve.house.gov/media/press-releases/reps-shreve-and-harrigan-introduce-legislation-crack-down-chinese-cyber
6. MeriTalk – House Bill Targets Feds' Downloads of Chinese Apps: https://www.meritalk.com/articles/house-bill-targets-feds-downloads-of-chinese-apps/

.