|

Are Popular Apple and Google VPN Apps Secretly Risking Your Privacy? What You Need to Know

ByInnoVirtuoso

Imagine this: You download a highly-rated VPN app from the App Store or Google Play. The reviews are glowing, the interface is sleek, and security seems practically guaranteed. But what if, behind that glossy surface, your data is being funneled straight to a government known for invasive surveillance? It’s not just paranoia—new research reveals this could be happening right now.

If you use or are considering using a VPN app, especially for sensitive activities or simply to protect your browsing, this is a must-read. Let’s unpack what’s really going on, why it matters, and how you can keep your privacy intact in a world where even the protectors might be the predators.

The Hidden Danger: China-Linked VPN Apps on Your Favorite App Stores

Think of VPNs as digital bodyguards—they’re supposed to shield your data from prying eyes, letting you browse, communicate, and work online in peace. That’s exactly why journalists, dissidents, businesses, and privacy-minded individuals turn to them. But what if those bodyguards were secretly reporting back to someone else?

A recent Tech Transparency Project (TTP) report has sent shockwaves through the privacy world: 10 of the top 100 VPN apps on Apple’s App Store and Google Play are covertly owned or controlled by Chinese companies. These companies, researchers warn, may be under legal obligation to share user data with the Chinese Communist Party (CCP) if asked.

Let’s break down why that’s a big deal—and what it means for you.

Why VPN Ownership Matters: The “Virtual” in VPN Isn’t Always Invisible

When you connect through a VPN, every single bit of your internet activity can be visible to the VPN operator: your logins, searches, downloads, business communications, and more. This is what makes VPN trustworthiness so crucial.

Now, picture this:

  • A law in China (National Intelligence Law, 2017) requires all companies and citizens to support state intelligence work.
  • If a VPN company is based in China or controlled by a Chinese entity, it’s legally required to turn over your data—no matter where you are in the world—if the government requests it.

This isn’t science fiction. It’s spelled out in law, and it’s paired with a history of global cyber-espionage campaigns and privacy violations linked to Chinese state actors (see Reuters’ explainer).

Here’s why that matters:
You might think you’re using a VPN to protect yourself from hackers, intrusive ISPs, or surveillance. But if the VPN itself is compelled to hand over your data, you’ve just traded one set of risks for another—possibly even more invasive.

The Most Popular VPN Apps at Risk

You might imagine these risky VPNs would be obscure or rarely used. In reality, many are top hits in both app stores, boasting hundreds of thousands of reviews and prominent rankings.

Notable examples highlighted by the TTP report include:

  • Turbo VPN Private Browser (owned by Qihoo 360, a Chinese company sanctioned by the US Department of Commerce)
  • VPN Proxy Master
  • Ostrich VPN
  • X-VPN

These aren’t deep-catalog, no-name apps. Turbo VPN, for instance, is a multimillion-dollar app, ranked among the top VPNs on both Android and iOS. And the others? On Apple’s App Store, they sometimes outrank Turbo itself.

How are these apps hiding their true ownership? – By using shell companies with Western-sounding names (like “Free Connected Limited,” “GeWare Technology Limited,” “ALL Connected Co., Limited”). – Obscuring links to parent companies based in China. – Relying on users (and even tech-savvy ones) not digging too deep.

If you’re like most people, you probably shop based on ratings, reviews, and maybe a glance at the developer name—not on a forensic international corporate ownership search.

Why Is This Allowed? The Double Standard in Big Tech App Stores

Both Apple and Google make bold claims about prioritizing user privacy. Yet, as of this writing, three months after the TTP report, the majority of these flagged apps remain available for download.

Why hasn’t anything changed?

  • Lack of effective moderation or due diligence: App store gatekeeping is far from perfect. Even major players slip through the cracks if their corporate structure is complex enough.
  • No regulatory consequences: There’s currently no U.S. regulatory body holding Apple or Google accountable if a privacy-compromising app is allowed to thrive on their platforms.
  • Business dependencies: Apple, in particular, has shown a willingness to remove hundreds of apps at the request of the Chinese government, whose cooperation is key to Apple’s manufacturing chain. Yet, when it comes to apps that might compromise international users’ privacy, the urgency vanishes.

Here’s the rub:
While U.S. lawmakers focus on banning apps like TikTok from government devices over privacy concerns, the potential threat from VPN apps is arguably much bigger. A VPN doesn’t just see your social media posts—it can see and store everything you do online.

As Katie Paul, TTP’s director, succinctly puts it:

“The threat of VPNs is much more significant because of the range of activity that takes place when they are in use.”

The Real-World Impact: Who’s At Risk, and Why Should You Care?

If you use a VPN, you’re probably doing so for one of these reasons:

  • Protecting sensitive work data (especially if you’re in business, law, or journalism)
  • Safeguarding personal information on public Wi-Fi
  • Accessing region-locked content or bypassing censorship
  • Keeping your identity private from ISPs, hackers, or government surveillance

Now consider:
If you’re using a VPN linked to a company compelled by Chinese law to hand over your data, you could be exposed to:

  • Corporate espionage: Your company’s trade secrets, communications, or strategy could be intercepted.
  • Government surveillance: Journalists, activists, and dissidents become easy targets.
  • Personal privacy breaches: Everyday users might have their browsing history, logins, or even financial information exposed.

This isn’t just a theoretical risk. The U.S. Department of Commerce has sanctioned companies like Qihoo 360 (behind Turbo VPN) for reasons tied to national security and links to the Chinese military.

How to Spot a Risky VPN App (And What To Use Instead)

So, how can you tell if a VPN app is risky—especially when it looks trustworthy on the surface? Here are some steps you can take:

1. Investigate the Developer

  • Google the developer’s name and look for parent company information.
  • Be wary of vague or generic company names, or any developer that doesn’t offer clear contact information and transparency about ownership.

2. Check for Transparency

  • Legitimate VPN providers typically publish transparency reports and clearly explain their privacy policies and data retention practices.
  • Look for detailed “no-logs” policies, independent audits, and clear descriptions of how they handle data requests from governments.

3. Consider Jurisdiction

4. Watch for Red Flags

  • Over-the-top claims (“100% anonymous!”) with little technical detail.
  • Apps that are free but make money through ads or vague “partnerships.”
  • Poorly written privacy policies, or none at all.

5. Rely on Reputable, Audited VPNs

Some VPNs with strong reputations and clear ownership include:

These companies publish independent audits and respond to legal data requests transparently.

Apple and Google: The Gatekeepers Who Aren’t Watching the Gate

Both Apple and Google tout their platforms’ security. But as this issue shows, their vetting can be skin-deep. Why the disconnect?

  • App store moderation is largely automated. While both companies claim to review apps for privacy and security, the process can miss nuanced, indirect, or cleverly hidden ownership structures.
  • Global business interests often outweigh user protection. Apple, for example, has deep business ties to China and has demonstrated a willingness to prioritize these relationships.
  • Opaque accountability. Without regulatory pressure, neither Apple nor Google faces consequences for letting these apps remain.

Bottom line:
The burden falls on you, the user, to do the research—unless and until regulators, platforms, and independent watchdogs step up.

Steps You Can Take Right Now to Protect Your Privacy

Here’s what you can do today:

  1. Delete questionable VPN apps—especially those named in the TTP report.
  2. Switch to a reputable VPN provider with transparent ownership, clear privacy policies, and a proven track record.
  3. Stay updated on security news. Watch for reports from organizations like the Electronic Frontier Foundation or The Verge.
  4. Advocate for stronger oversight. Let your representatives know that privacy in app stores matters.

What Comes Next? The Future of VPN Privacy and App Store Accountability

This issue sits at the crossroads of privacy, geopolitics, and technology. Unless app store policies tighten, or regulators impose real accountability, risky VPN apps will likely remain just a tap away.

Possible changes on the horizon:

  • Greater transparency requirements: App stores could be required by law to disclose VPN app ownership and jurisdiction.
  • Routine, independent audits: More VPNs will need to open themselves up to third-party scrutiny.
  • Public education: Users will need better tools and information to make safe choices.

But for now? Knowledge is your best defense.

FAQ: People Also Ask

Q: Why would a VPN app be risky if it’s highly rated and popular?
A: Ratings often reflect user experience (speed, design, reliability), not data privacy. Ownership and legal obligations (like China’s National Intelligence Law) can force even high-quality apps to hand over user data, regardless of visible quality.

Q: How can I check if a VPN app is owned by a Chinese company?
A: Search the developer’s name, look up their parent company, and cross-reference with reports like those from the Tech Transparency Project or articles from trusted news sources.

Q: Are free VPNs safe to use?
A: Rarely. Free VPNs often make money by collecting and selling user data, showing ads, or cutting corners on security. Always read privacy policies, and prefer reputable, audited paid services.

Q: What’s the worst that could happen if I use a risky VPN?
A: In the worst-case scenario, your browsing activity, personal information, and even passwords could be intercepted and shared with foreign governments or malicious third parties.

Q: Will Apple or Google remove these risky VPN apps?
A: So far, neither company has acted on the TTP report, despite having the means to investigate and remove problematic apps. Public pressure and regulatory change may be needed.

Key Takeaway: Protect Your Privacy—Don’t Trust at First Download

The convenience of app stores has made it easier than ever to find and use VPNs—but also to stumble into privacy pitfalls hidden beneath slick interfaces and five-star reviews. Before you trust a VPN with your data, trust your own research.

If you care about your privacy, take a few minutes to investigate, switch to a proven provider, and stay informed. Your digital safety is worth it. Want more insights on privacy, security, and tech transparency? Subscribe to our newsletter and keep your knowledge (and your data) a step ahead.

For further reading:
Tech Transparency Project VPN Report
EFF on Choosing a VPN
ProtonVPN on VPN Trustworthiness
PCMag’s Best VPN Services

Discover more at InnoVirtuoso.com

I would love some feedback on my writing so if you have any, please don’t hesitate to leave a comment around here or in any platforms that is convenient for you.

For more on tech and other topics, explore InnoVirtuoso.com anytime. Subscribe to my newsletter and join our growing community—we’ll create something magical together. I promise, it’ll never be boring! 

Stay updated with the latest news—subscribe to our newsletter today!

Thank you all—wishing you an amazing day ahead!

Read more related Articles at InnoVirtuoso

InnoVirtuoso

Hello there! I'm passionate content writer navigating the digital landscape. With a deep love for words and an insatiable curiosity about technology.

With 10 years of experience in IT field, I write mostly about emerging tech, sharing news, informational articles and covering other topics I find interesting.

Let's craft the future of content together – one word at a time!

Browse InnoVirtuoso for more!

black audio mixer

Creating Your First Digital Product: A Comprehensive Glossary for Information Security Vocabulary

ByInnoVirtuoso

Join our weekly newsletters for the latest updates and exclusive content on industry-leading AI, InfoSec, Technology, Psychology, and Literature coverage. Learn More Introduction Hello everyone, as you know I don’t take myself too serious on this internet thing, so I’ll be trying to create a digital product just for the hell of it, and not…

graybots scrapers
| |

The Surge of Gray Bots: Navigating the Challenges of Generative AI Scraper Activity

ByInnoVirtuoso

Understanding Gray Bots and Their Impact Gray bots represent a distinct category of web scraping tools that operate in a morally ambiguous space. Unlike traditional bots that engage in clear-cut malicious activities, gray bots deploy generative AI technologies to scrape and gather content from web applications and platforms. Their surge in activity has been notably…

a pole with a bunch of stickers on it
|

Understanding Doxxing: The Risks and Repercussions of Revealing Private Information

ByInnoVirtuoso

Join our weekly newsletters for the latest updates and exclusive content on industry-leading AI, InfoSec, Technology, Psychology, and Literature coverage. Learn More What is Doxxing? Doxxing, a term derived from the phrase “dropping documents,” refers to the act of publicly revealing sensitive or private information about an individual or organization without consent, usually with malicious…

dora fines
| |

DORA Compliance Costs: Why Many UK and EU Businesses are Facing €1M Overhead

ByInnoVirtuoso

Compliance with the Digital Operational Resilience Act (DORA) has become a significant financial burden for many financial institutions across the UK and EU. Recent research by Rubrik Zero Labs reveals that businesses are grappling with soaring compliance costs, often exceeding €1 million ($1.02 million) as they race to meet the January 17, 2025 deadline. What…

Over 1,000 SOHO Devices Hijacked: Inside the China-Linked LapDogs Cyber Espionage Campaign
|

Over 1,000 SOHO Devices Hijacked: Inside the China-Linked LapDogs Cyber Espionage Campaign

ByInnoVirtuoso

Imagine sitting in your office, logging onto your home router, and discovering that somewhere—halfway across the globe—someone’s using your humble device as a launchpad for covert cyber espionage. Sound like a plot straight from a techno-thriller? Unfortunately, it’s reality. Over 1,000 small office and home office (SOHO) devices have been quietly compromised in a stealthy…

uk gov retail cyber attacks

UK Government’s Warning: Retail Cyber-Attacks Serve as a Wake-Up Call

ByInnoVirtuoso

Understanding the Recent Wave of Cyber-Attacks In recent months, UK retailers have experienced an alarming rise in cyber-attacks, which have intensified concerns regarding the security of sensitive consumer data. Notable incidents, such as those affecting Marks & Spencer and several other leading brands, underscore the vulnerabilities present within the retail sector. These attacks often employ…

Leave a Reply

Your email address will not be published. Required fields are marked *