Updated on Apr. 6 with news of a new clampdown on U.S. apps in China.
It should be obvious — but unfortunately it’s not. Some of the most popular apps you have likely downloaded on your iPhone or Android smartphone are dangerous. And now the FBI is warning U.S. citizens to stop all such installs.
The bureau’s new Public Service Announcement highlights the “data security risks associated with foreign-developed mobile applications (apps) frequently used in the United States; however, these concerns are global. As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China.”
This warning links back to China’s infamous national security laws, which, the FBI reminds smartphone users, enable “the Chinese government to potentially access mobile app users’ data.” In short, the laws mandate that developers based in China do all they can to support the country’s national security imperatives — including sharing data. It’s the same mandate that plagued TikTok ahead of its U.S. split.
Article 7 of China’s National Intelligence Law says: “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.”
Article 14 is more of an issue: “National intelligence work institutions lawfully carrying out intelligence efforts may request that relevant organs, organizations, and citizens provide necessary support, assistance, and cooperation.”
These two clauses taken together are often used to define the risks.
The FBI has not provided a list of Chinese apps or those from developers in other high risk locations. That list would be vast and fluid. Instead, the bureau has issued guidelines for citizens to follow before installing — or not installing — apps.
Per the New York Post, “the warning could apply to a range of widely used apps developed by Chinese firms — including video-editing platform CapCut, shopping apps like Temu and SHEIN, and social media platforms such as Lemon8 — several of which rank among the most downloaded apps in the United States.”
TechRadar has analyzed the current download charts for both iPhone and Android to highlight the implications of the bureau’s PSA. On Android, the second most popular app is TikTok Lite, “headquartered in Singapore and Los Angeles, but a Chinese app in general,” while Temu in fourth place is “Chinese-built.” TikTok itself is in fifth place, followed by PDF & Launcher for Android from Hong Kong.
According to TechRadar, the iOS list “is almost the same, with a few notable differences. It includes a game by Ta Ta Game Technology Limited, an app developer company that does not state where it’s from, at all, as well as a game by a Turkish developer.” While the Android risk is higher, given sideloading, iPhone users are far from immune from the risks associated with Chinese downloads.
The FBI says users should be aware “of what user data these apps request access to upon download.” But in reality, these privacy policies are very rarely checked. That’s why so-called permission abuse is such a nightmare for smartphone users. “When access is permitted by the user, the app can persistently collect data and users’ private information throughout the device.”
The data at risk includes contact lists, which could enable those collecting the data in China or elsewhere to build social graphs. In the wrong hands, these are invaluable to nation-state or mercenary hackers, using a hack on one person to socially engineer hacks on one or more higher value targets that they know.
“Some platforms offer the option to invite friends or contacts to use the apps. With default permissions, developer companies can store collected data on users’ private information and address books, such as names, e-mail addresses, user IDs, physical addresses, and phone numbers of their stored contacts.”
The FBI also warns that “some of the apps state that the collected data is stored on servers located in China for as long as the developers deem necessary.” And while there may be settings to stop this data sharing, these are little used. “Some apps do not allow the users to operate the platform unless users consent to data sharing.”
While the focus of this new PSA is the threat to user privacy, the bureau also flags the risk that these foreign-developed apps “may also contain malware that could collect data beyond what is authorized by the user. This could include malicious code and hard-to-remove malware designed to exploit known vulnerabilities in various operating systems and insert a backdoor for escalated privileges.”
The FBI’s warning isn’t a blanket instruction to stop downloading any apps from Chinese developers. But before downloading any such apps, users should check carefully to understand the privacy and data collection policies published in the App Store or Play Store, and then avoid installing apps with onerous practices. The advice is to stop installing such apps from outside official stores.
This is a much greater threat to Android users than to iPhone users, given the openness of the ecosystem and the prevalence of high-risk sideloading. This is why Google is shutting down this risk — to an extent — with blocks on installs from unknown developers at least, many of which will be based overseas. “Official apps stores scan for malicious content, lowering the risk of malware or malicious code.”
Instead, users are urged to check each app they install against the bureau’s guidelines below. Where apps fall foul, users should not install those apps or should delete those already on phones:
- Do not install apps from anywhere but official stores;
- Read terms of service or end user license agreements before downloading;
- Disable unnecessary data sharing;
- Change and update passwords regularly; and
- Perform regular device software updates.
With somewhat ironic timing, with news of the FBI’s warning to U.S. citizens about the dangers of Chinese apps continuing to swirl, China has issued a warning of its own. “Apple removes Jack Dorsey’s Bitchat from China App Store,” Bitcoin News reported Monday. “Apple pulled the decentralized messaging application Bitchat from its China App Store following a regulatory demand from Chinese authorities.”
According to Crypto News, China accused Dorsey’s decentralized messaging app of “violating the country’s internet service regulations.”
According to reports, the Cyberspace Administration of China (CAC) “stated that Bitchat violated Article 3 of its regulations, a provision covering online services with public opinion or social mobilization capabilities that came into force in 2018. As part of this framework, any such services would have to undergo a security assessment before launch and be responsible for the outcome.”
Dorsey confirmed the news late Sunday. “Bitchat pulled from the china app store,” he posted on X, sharing the notification the company had received. “We are writing to notify you that your application, per demand from the CAC will be removed from the China App Store because it includes content that is illegal in China, which is not in compliance with the App Review Guidelines.”
“Bitchat has gained attention during periods of political unrest as the app’s decentralized nature allows communication even during internet shutdowns,” Crypto News explains. “This also puts it at odds with China’s tightly controlled internet censorship regime. Data from Chrome download statistics shows that the app has been downloaded more than three million times.”
Separately, and again somewhat ironically, China’s regulators are also warning that the country’s citizens are now at risk from the latest iOS vulnerabilities, patched in recent days to much furor across Apple’s ecosystem.
Local media reports that “attackers are exploiting tools targeting Apple terminals to launch cyberattacks that can lead to information theft and full device compromise, China’s Ministry of Industry and Information Technology has warned.”
And so this tit-for-tat plays out in the public gaze. There has always been an asymmetry when it comes to U.S. apps in China versus Chinese apps in America, which also featured in the TikTok debate. Perhaps the FBI’s latest warning represents the beginning of a campaign to redress this.
Meanwhile, the FBI tells iPhone and Android users that “if you believe your data has been compromised, or you have experienced suspicious activity related to a foreign-developed mobile app,” you can file a complaint at www.ic3.gov. Should you do so, the bureau asks that you include the following:
- “Device type and operating system;
- Name of the app and the developer or company;
- Where the app was downloaded from;
- Date the user downloaded or began using the app;
- Specific permissions granted to the app;
- Types of data believed to be compromised, such as contact lists, location, messages, photos, etc.;
- Any suspicious activity on the device or accounts after installing the app, like unusual data usage, battery drain, unauthorized access, etc.;
- Whether the app was used via cloud-based or locally downloaded version;
- Any malware detection alerts or security warnings received; or
- Financial losses or identity theft resulting from app use.”
This article was originally published on Forbes.com




