Watchdog says these VPN apps could be giving your data to China

This recording was made using enhanced software.

Summary

Watchdog warning

The nonprofit research organization Tech Transparency Project says 17 VPN apps have undisclosed ties to China.

Cybersecurity concerns

Consumers could have their browsing history, IP addresses, and connection logs handed over to Chinese authorities.

Sanctioned companies

Qihoo 360, a Beijing-based company under U.S. sanctions since 2020, is said to be linked to several of the VPN apps.

Full story

A consumer watchdog is accusing 17 virtual private network (VPN) apps, used to encrypt internet traffic and hide IP addresses, of having undisclosed connections to China. The claim, made in a report published on Thursday, June 12, by the Tech Transparency Project, points to four free apps on the Google Play Store, six on Apple’s App Store and seven more available on both.

The companies behind the apps “are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws,” raising serious privacy and security concerns, the report said.

Investigators reportedly traced several of the apps to Qihoo 360, a Beijing-based cybersecurity firm that the U.S. Department of Defense has labeled a “Chinese military company.” Qihoo 360 has been under U.S. sanctions since 2020.

Consumers using such apps could have their browsing history, IP addresses, and connection logs collected and handed over to Chinese authorities. And depending on the VPN’s configuration, the encryption meant to obscure online activity could become ineffective.

Although Western-based companies can be compelled to share data with law enforcement, a handful of reputable VPN providers are legally able to employ strict no-logging policies. For example, police left empty-handed after executing a search warrant on the Swedish VPN company Mullvad in 2023.

“It would be hard for U.S. users to avoid the Chinese VPNs,” the report said. “The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies.”

Apps obscure Chinese owners

The Tech Transparency Project, a nonprofit research organization, linked the apps to China “by piecing together corporate documents from around the world,” its report said. None of the apps clearly disclosed their Chinese ownership.

The report follows similar research the organization published on April 1, which alleged that more than 20 of the top 100 free VPNs in the Apple App Store in 2024 “showed evidence of Chinese ownership.”

Following an inquiry from the Financial Times, Apple stopped offering numerous apps linked to Qihoo 360, including Thunder VPN, Snap VPN and Signal Secure VPN. However, according to the new report, two other apps — Turbo VPN and VPN Proxy Master — remain.

App stores profit

Users can download the apps for free, though several offer in-app purchases.

“That means Apple and Google may be profiting from these Chinese-owned VPNs when Americans pay for subscriptions or other add-ons,” the report said.

Neither Google nor Apple has addressed the specific apps highlighted by the report.

Peter Micek, general counsel at the human rights advocacy nonprofit Access Now, told NBC News the availability of apps linked to Qihoo 360 is concerning.

“It seems like this project has done the homework and due diligence that Apple and Google should have done,” Micek said. “And it does seem like those ties would constitute indirect contact with, transactions with folks who are sanctioned.”

Tech companies, he said, can sometimes face significant fines for violating sanctions.

Alan Judd (Content Editor) and Devin Pavlou (Digital Producer) contributed to this report.

Tags: China, Cybersecurity, Department of Defense, Privacy, VPN

Why this story matters

Allegations that numerous VPN apps with undisclosed ties to China may be collecting and potentially handing over users' data to the Chinese government raise significant privacy, security, and transparency concerns for millions of global users.

Data privacy

The report by the Tech Transparency Project raises concerns that users’ internet browsing data may not be protected as expected, especially if VPN companies are legally obligated to share information under Chinese law.

Corporate transparency

According to the Tech Transparency Project, many VPN apps allegedly conceal their true ownership structure through offshore shell companies, making it difficult for consumers to assess the risks of using these services.

Regulatory oversight

The response of tech platforms like Apple and Google, as described by the report, highlights questions around the effectiveness of oversight in detecting sanctioned or potentially risky companies in their app stores.

Sources

Bias comparison

Media outlets on the left frame the VPN data privacy issue with a protective, consumer-rights lens, emphasizing Proton VPN as a “superlative service” championing user privacy and aggressively criticizing Apple and Google for “profiting from” risky Chinese-owned VPN apps that pose a “security risk."
Not enough coverage from media outlets in the center to provide a bias comparison.
Media outlets on the right tend to employ alarmist, distrustful language like “hidden ties” and “warns,” stressing national security threats and deliberate deception by foreign actors.

Report an issue with this comparison

Media landscape

Click on bars to see headlines

14 total sources

Key points from the Left

A report by the Technology Transparency Project claims that 17 VPN apps have undisclosed ties to China, raising concerns about user data surveillance.
The report links many of the apps to Qihoo 360, a Chinese cybersecurity company under U.S. government sanctions.
Katie Paul, TTP's director, stated that using these apps means users' online activities could be shared with the Chinese government due to local laws.
Peter Micek from Access Now expressed concern about tech companies potentially overlooking sanctions related to these applications.

Report an issue with this summary

No coverage from Far Left sources 0 sources
No coverage from Left sources 0 sources
See Hide headlines from Lean Left sources 2 sources
- Your VPN could be giving your browsing data to China, watchdog says
  NBC News
- Proton VPN review 2025: A nonprofit service with premium performance
  Engadget

Key points from the Center

On June 13, the Tech Transparency Project found that numerous VPN applications available on Apple’s and Google’s platforms maintain hidden connections to Chinese firms, including the U.S.-sanctioned cybersecurity company Qihoo 360.
These VPN apps are concerning because Chinese law requires companies to share user data with the government, and Qihoo 360 was sanctioned by the U.S. Commerce Department in 2020 due to military involvement risks.
The report revealed that 13 VPN apps linked to Chinese companies remain available on Apple’s App Store, while 11 such apps can be found on Google Play, with many generating millions of dollars in revenue from U.S. Users despite having undisclosed ownership.
Katie Paul of the TTP explained that all internet traffic from users who connect through a VPN passes through that service, and Justin Sherman cautioned that selecting a VPN owned by Chinese companies could result in personal browsing information being accessed by Beijing.
The findings imply significant privacy risks for U.S. Users and suggest tech giants’ enforcement and disclosure policies on these VPN apps are insufficient to prevent possible foreign surveillance.

Report an issue with this summary