The FBI has issued a public service announcement warning Americans to exercise caution when downloading and using mobile applications developed or maintained by foreign companies, particularly those based in China, because they may be subject to foreign national security laws that could grant governments access to user data.
In the advisory, the bureau said apps with digital infrastructure tied to China “are subject to China’s extensive national security laws,” a legal framework that could enable the Chinese government to request or compel access to information held by developers or hosted on servers in China. The FBI cautioned that some applications can collect data from an entire device — not just activity within the app — once users grant permissions, and that some may contain malware capable of harvesting data beyond what users explicitly authorize.
A specific concern highlighted by the FBI is the way certain apps request default permissions that enable broad access to device content, including contact lists. That access, the bureau noted, can expose “personal information belonging to both users and non-users in their contact lists.” The advisory also warned that collected information may be stored on Chinese servers “for as long as the developers deem necessary,” and that some platforms require consent to data-sharing as a condition of use.
The bulletin named several popular services that are developed and maintained by Chinese companies and used widely in the United States, including the video-editing app CapCut and e-commerce platforms Temu and SHEIN. TikTok — previously the main focus of U.S. lawmakers’ scrutiny — reached a high-profile settlement in January to reorganize its U.S. operations into a newly constituted U.S.-based entity that holds an 80.1% stake, limiting parent company ByteDance to a 19.9% share. That deal was presented as a response to bipartisan legislative pressure that threatened to ban TikTok if it remained under ByteDance’s control amid similar security concerns.
To help users reduce risk, the FBI reiterated several practical steps: keep software up to date, change passwords regularly, disable unnecessary data sharing and permissions, only download verified apps from official app stores, and read terms-of-service or end-user license agreements before installing apps. The bureau emphasized that even when apps appear legitimate, users should be mindful of the breadth of permissions they grant and the potential for data to be collected or retained outside the United States.
The advisory comes amid ongoing debate in Washington over how to balance consumer convenience and commercial ties with mounting national security worries about foreign access to data. While regulators and lawmakers have taken action in some high-profile cases — most notably with TikTok’s restructuring and proposed bans in previous congressional sessions — the FBI’s announcement signals that officials view the risk as a continuing concern across a range of digital services.
For consumers, the bureau’s message is straightforward: scrutinize what apps ask for and where they store data, and adopt basic digital hygiene measures. For policymakers and companies, the advisory adds pressure to craft clearer rules and technical safeguards governing cross-border data flows and the operations of foreign-owned apps in the U.S. market.