New FBI Warning: Chinese Apps Could Expose User Data

AndyC 8 April 2026

Image: David Trinks/Unsplash

The FBI is urging Americans to think twice before downloading foreign apps, warning that some could quietly expose sensitive user data.

New FBI Warning: Chinese Apps Could Expose User Data

New FBI Warning: Chinese Apps Could Expose User Data
FBI logo.
Image: David Trinks/Unsplash

The FBI is urging Americans to think twice before downloading foreign apps, warning that some could quietly expose sensitive user data.

The alert comes just days after China banned Jack Dorsey’s Bitchat over regulatory concerns, underscoring the growing digital standoff between the two countries. Years of escalating data privacy tensions have already pushed the US to restrict several foreign platforms, citing Chinese laws that can compel companies to hand over user data to government authorities.

Now, the bureau is raising fresh concerns about widely used apps developed by foreign firms, particularly in China, cautioning that millions of users could be at risk. And given the global reach of these platforms, the warning extends far beyond the US.

What’s behind the concerns over Chinese-developed apps

In recent years, several Chinese-developed apps, including CapCut and Temu, have become widely used in the US. With millions of US users, the FBI says “these apps are subject to China’s extensive national security laws.”

Although the bureau did not explicitly issue an instruction to stop downloading Chinese-developed apps, it did leave three clues that it says allow “the Chinese government to potentially access mobile app users’ data.”

  • Data storage and privacy policies: App stores require app developers to indicate where they store users’ data and for how long. The FBI advises Americans to always check this before downloading any app, as some software companies often store user data on servers in China, sometimes indefinitely.
  • The invite friends option: Certain apps often request contact permissions to allow users to invite their friends and family. While harmless, this can give apps access to the contact information of people who don’t even use them. Forbes notes that in the wrong hands, such data can be used to map social relationships, a key element in social engineering attacks such as phishing. For companies based in China, that data can be accessed by the government.
  • Malware: On the user side, it is often hard to detect, but the bureau recommends downloading only from official stores. Doing this reduces the risk of apps using hidden malware to collect user data beyond what users agreed to share or exploit software vulnerabilities. iOS users face a lower risk due to stricter controls, and even Android, which permits side-loading apps, has recently begun tightening that area.

The tale of TikTok and Bitchat

Early this year, TikTok moved part of its operations involving US users to American servers, led by Oracle. The decision was made after the US threatened to ban the company from the country. Under the hood, this represents a more serious battle for data supremacy, and the FBI’s recent warning may have confirmed it.

China, on the other hand, has continued banning US-developed apps over censorship concerns. While many Meta- and Google-related apps are on the list, several others are highly regulated. Jack Dorsey’s Bitchat has become the latest app to be banned in the country.

In a post on X, Dorsey shared a screenshot of the removal notice and wrote that Bitchat had been “pulled from the china app store.”

Screenshot of the removal notice.

The FBI’s recommendation

The bureau’s recommendations to users are basically normal safety guidelines that every user should know.

It recommends turning off unnecessary data sharing, enabling regular software updates, requiring frequent password changes, and downloading apps from official stores. It also recommends that users read the terms of service of apps they wish to download. However, that is one thing many users don’t do.

The PSA also includes links to useful resources for staying safe online. Additionally, the PSA instructs US users to report suspected data compromise and provides a list of relevant information to include.

Also read: A China-linked breach of an FBI surveillance system, which the bureau classified as a “major incident,” adds to broader US security concerns about sensitive data exposure.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , , , ,

What do you feel about this?

More Stories

Trump’s Proposed CISA Cuts Spark Alarm Among Cybersecurity Experts

Trump’s Proposed CISA Cuts Spark Alarm Among Cybersecurity Experts

AndyC 8 April 2026
‘Stop Texting’: FBI Warning Drives Apple’s iPhone Messaging Update

‘Stop Texting’: FBI Warning Drives Apple’s iPhone Messaging Update

AndyC 8 April 2026
Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

AndyC 8 April 2026
New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

AndyC 7 April 2026
Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

AndyC 7 April 2026
Samsung to Shut Down Its Messaging App, Switch to Google Messages in July

Samsung to Shut Down Its Messaging App, Switch to Google Messages in July

AndyC 7 April 2026

You may have missed

Major outage cripples Russian banking apps and metro payments nationwide

Major outage cripples Russian banking apps and metro payments nationwide

AndyC 8 April 2026
Russia Hacked Routers to Steal Microsoft Office Tokens

Russia Hacked Routers to Steal Microsoft Office Tokens

AndyC 8 April 2026
[un]prompted 2026 – When Passports Execute: Exploiting AI Driven KYC Pipelines

Anthropic Unveils Restricted AI Cyber Model in Unprecedented Industry Alliance

AndyC 8 April 2026
[un]prompted 2026 – When Passports Execute: Exploiting AI Driven KYC Pipelines

Top Cloud Privileged Access Management Best Practices to Prevent Privilege Abuse

AndyC 8 April 2026
[un]prompted 2026 – When Passports Execute: Exploiting AI Driven KYC Pipelines

Russia Hacked Routers to Steal Microsoft Office Tokens

AndyC 8 April 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.