FBI Warns Against Using Chinese Mobile Apps Over Data Security Risks

What happened

The FBI warned Americans against using foreign-developed mobile apps, particularly those created by Chinese developers, because of privacy and data security risks. In a public service announcement issued through its Internet Crime Complaint Center, the bureau said many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, especially those based in China. The FBI said apps tied to digital infrastructure in China may be subject to Chinese national security laws that could enable government access to user data. It also warned that some apps may continue collecting private information even when users believe permissions apply only while the app is active. According to the advisory, these apps may also gather extensive information by default, including contact names, phone numbers, email addresses, user IDs, and physical addresses. 

Who is affected

The potential exposure affects U.S. mobile app users, particularly those who use apps developed and maintained by companies based in China. The FBI said the risk includes continued data collection, broad default permissions, and storage of collected data, including personal information and system prompts, on servers located in China. 

Why CISOs should care

This matters because the warning focuses on consumer and workforce mobile apps that may collect broad categories of personal and device-related information under default settings. For CISOs, the issue extends to employee privacy, mobile-device risk, and organizational exposure when foreign-developed apps are present on devices used for work or tied to business accounts and contacts. 

3 practical actions

  1. Review mobile app permissions closely: Identify apps on managed and bring-your-own devices that collect more data than is necessary for their stated function, especially where contact lists and persistent access permissions are involved. 
  2. Limit unnecessary data sharing: Reduce app-level data access wherever possible, in line with the FBI’s recommendation to turn off unnecessary data sharing. 
  3. Use verified software sources and current devices: Make sure users download apps only from official app stores and keep device software updated, reflecting the bureau’s guidance for lowering privacy and security risk. 
