Republished later on June 24 with Apple’s and Google’s response to this warning.
It’s one of the most outlandish threats facing smartphone users today. Apps that you think make your phone safer and more secure actually put you, your device and your data at risk. Now a new list has been released of apps you should delete.
Your smartphone is already at risk from Chinese attacks. That’s where the organized criminal gangs behind the plague of unpaid toll and DMV texts are based, outside the reach of U.S. law enforcement, operating at industrial scale with impunity.
And Chinese operators are also behind this new list of dangerous apps. Earlier this year, I reported on the warning that a raft of VPNs were secretly sending user data to China.
That came courtesy of the Tech Transparency Project (TTP)’s warning that “millions of Americans are inadvertently sending their internet traffic to Chinese companies — including several tied to the People’s Liberation Army” and one blacklisted by the U.S.
Those dangerous VPNs which masked their Chinese ownership could be found on both Apple’s App Store and Google’s Play Store, operating in something of a grey area and calling into question whether app screening is anywhere near rigorous enough.
VPNs route or “tunnel” all your internet traffic via servers controlled by the VPN operator. This should mask your location and the websites you’re accessing from anyone monitoring your local traffic, the VPN server acts as a dead end.
TTP says its last report in April “found that more than 20 of the top 100 free VPNs in the U.S. Apple App Store in 2024 showed evidence of Chinese ownership. None of these apps clearly disclosed their Chinese ties, and some obscured their origins behind layers of shell companies. Several of the apps were linked to Qihoo 360,” a cybersecurity firm “sanctioned by the U.S. over its ties to China’s People’s Liberation Army.”
But because the VPN receives all your traffic, it is critical that the operator behind the service is trusted and transparent. This is why I advise all users only to use paid VPNs from well-known western brands. No free apps. No Chinese apps. Period.
Now TTP is back with a follow-up, a “spot check” to determine if “Apple and Google still have a Chinese VPN problem.” TL;DR — yes they do, says the research team.
“Apple and Google app stores continue to offer private browsing apps that are surreptitiously owned by Chinese companies,” TP warns. “Chinese-owned VPNs raise serious privacy and security concerns [given] Chinese companies can be forced to share user data with the Chinese government under the country’s national security laws.”
TTP has released a list of “13 China-owned VPN apps identified by TTP that remain available in the Apple App Store” and “11 China-owned VPN apps identified by TTP that are available in the Google Play Store.”
Given these are security apps, you should not be using anything Chinese-owned which may send all your data to or even through China — that’s very clear-cut. Even if those apps were not masking their ownership, that advice would not change.
Here are the apps — if you have any on your phone, you should delete them.
Apple App Store:
- X-VPN – Super VPN & Best Proxy
- Ostrich VPN – Proxy Master
- VPN Proxy Master – Super VPN
- Turbo VPN Private Browser
- VPNIFY – Unlimited VPN
- VPN Proxy OvpnSpider
- WireVPN – Fast VPN & Proxy
- Now VPN – Best VPN Proxy
- Speedy Quark VPN – VPN Proxy
- Best VPN Proxy AppVPN
- HulaVPN – Best Fast Secure VPN,
- Wirevpn – Secure & Fast VPN
- Pearl VPN
Google Play Store:
- Turbo VPN – Secure VPN Proxy
- VPN Proxy Master – Safer Vpn
- X-VPN – Private Browser VPN
- Speedy Quark VPN – VPN Master
- vpnify – Unlimited VPN Proxy
- Ostrich VPN – Proxy Unlimited
- Snap VPN: Super Fast VPN Proxy
- Signal Secure VPN – Robot VPN
- VPN Proxy OvpnSpider
- HulaVPN – Fast Secure VPN
- VPN Proxy AppVPN
In response to this report, Google told me it is “committed to compliance with applicable sanctions and trade compliance laws. When we locate accounts that may violate these laws, our related policies or Terms of Service, we take appropriate action.”
The Android-maker also says “Google Play is committed to protecting user privacy and providing a safe and secure environment for our users. Apps that are deceptive, malicious, or intended to abuse or misuse any network, device, or personal data are strictly prohibited.” It also has specific polices governing VPN apps.
Apple told me it enforces its App Store rules but does not differentiate based on where apps are developed. It does differentiate between companies and individuals and only organisations (not individuals) can release VPNs. It also says that it requires strict transparency on data collection and prohibits data being shared with third parties.
There is no suggestion all these apps intercept or monitor user data, albeit that’s a clear risk. This warning is based on the nature of VPNs, the geographical location of the developers, China’s national security laws and the advice to use blue-chip VPNs.
TTP says “Apple’s guidelines state that apps offering VPN services ‘may not sell, use, or disclose to third parties any data for any purpose’, but any China-based app developer can be compelled to share user data with the Chinese government.”
As for Android, the researchers say “TTP could not determine if Google Play has a specific developer policy for VPNs, but it does require apps to be ‘transparent’ about how they share user data. Google did not respond to questions about its policies.”
