The US Federal Bureau of Investigation (FBI) has warned Americans against using mobile apps developed in other countries, especially those created by Chinese developers.
In a public service announcement (PSA) issued through the Internet Crime Complaint Center (IC3) forum this Tuesday, the FBI warned of privacy and data security risks associated with these applications.
“As of early 2026, most of the most downloaded and top-grossing apps in the United States are being developed and maintained by third-party companies, especially those based in China,” the bureau warned.
“Apps that maintain China’s digital infrastructure are subject to China’s extensive national security laws, which allow the Chinese government access to mobile app users’ data.”
Among the risks outlined in the advisory, the FBI said some of these mobile apps may continue to collect data and private information from users, even if users only give consent while the app is running.
Apps may also collect a lot of information with automatic consent, including address book data such as contact names, phone numbers, email addresses, user IDs, and residential addresses.
“A list of privacy policies of the applications where collected data, including personal information and system instructions, is stored. Some of the applications state that the collected data is stored on servers located in China for as long as the developers deem necessary,” it added. “Some apps don’t allow users to use the platform unless users agree to share data.”
To protect their data and privacy, the FBI recommends turning off unnecessary data sharing, updating device software regularly, and downloading only verified apps from official app stores.
Although the bureau also advises changing passwords regularly, using a password manager app like Bitwarden or 1Password to create strong passwords for all accounts is a more secure option, as updating them regularly can lead to easy-to-remember choices that are quick to guess in a serious attack.
The FBI has asked Americans whose data has been compromised or who have seen suspicious activity after installing a foreign-developed mobile app to report the incidents through its IC3 platform.
The office’s PSA comes after China transferred control of TikTok’s US operations in early 2026 to a US joint venture led by Oracle, US technology investment firm Silver Lake, and Emirati investor MGX, to avoid a ban in the country following a 2024 US law requiring parent company Byst TheDance to divest from the security platform.
Automatic logging proves that the path exists. BAS proves that your controls are stopping you. Many teams run without each other.
This white paper outlines six areas of validation, indicates where coverage ends, and provides clinicians with three diagnostic questions for any screening tool.
