FBI warns against using Chinese mobile apps due to privacy risks

The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers.

In a public service announcement (PSA) issued via its Internet Crime Complaint Center (IC3) platform this Tuesday, the FBI warned of privacy and data security risks associated with these apps.

“As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China,” the bureau warned.

“The apps that maintain digital infrastructure in China are subject to China’s extensive national security laws, enabling the Chinese government to potentially access mobile app users’ data.”

Among the risks highlighted in the advisory, the FBI said that some of these mobile apps may continuously collect data and users’ private information, even when users grant permission only while the app is active.

The apps may also collect extensive information with default permissions, including address book data such as contacts’ names, phone numbers, e-mail addresses, user IDs, and physical addresses.

“The apps’ privacy policies list where the collected data, including personal information and system prompts, is stored. Some of the apps state that the collected data is stored on servers located in China for as long as the developers deem necessary,” it added. “Some apps do not allow the users to operate the platform unless users consent to data sharing.”

To protect their data and privacy, the FBI recommends turning off unnecessary data sharing, regularly updating device software, and downloading verified apps only from official app stores.

While the bureau also advised changing passwords regularly, using a password manager app like Bitwarden or 1Password to generate strong passwords for all accounts is a more secure approach, since frequently updating them may lead to choosing easier-to-remember ones that are quicker to guess in brute-force attacks.

The FBI has asked Americans whose data has been compromised or who have noticed suspicious activity after installing a foreign-developed mobile app to report the incidents through its IC3 platform.

The bureau’s PSA comes after China transferred operational control of TikTok’s U.S. business in early 2026 to a majority American-owned joint venture led by Oracle, U.S. tech investment firm Silver Lake, and Emirati investor MGX, to avoid being banned in the country following a 2024 U.S. law requiring parent company ByteDance to divest the platform over national security concerns.
