Your phone may already be working against you. The FBI has issued a stark public warning that millions of Americans could be handing over their most sensitive personal data simply by downloading popular Chinese-made mobile apps. And the scariest part? You do not even have to use the app for your information to be at risk.
What the FBI Is Actually Saying
On March 31, 2026, the FBI’s Internet Crime Complaint Center published PSA 260331, a formal public service announcement warning Americans about privacy and data security risks from foreign-developed mobile applications, particularly those built by Chinese companies.1
The bureau pointed out that “as of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China,” adding that “the apps that maintain digital infrastructure in China are subject to China’s extensive national security laws, enabling the Chinese government to potentially access mobile app users’ data.”2
Specifically, China’s 2017 National Intelligence Law requires any organization or citizen to support, assist, and cooperate with state intelligence work, and companies do not get to opt out.3 That legal reality is what makes this warning more than just a standard cybersecurity advisory.
FBI warning Chinese mobile apps user data privacy risk 2026
The Data They Collect Goes Far Beyond the App
This is where it gets deeply unsettling. Most people assume an app only grabs what it needs to function. That assumption is wrong.
The FBI said that some of these mobile apps may continuously collect data and users’ private information, even when users grant permission only while the app is active.2
The apps may also collect extensive information with default permissions, including address book data such as contacts’ names, phone numbers, email addresses, user IDs, and physical addresses.2
The risk does not stop at you. That persistent access can include your address book, which is a big deal. It is not just your information. You are also giving up the names, phone numbers, email addresses, and physical addresses of your family, friends, and business associates.3
Here is a quick breakdown of what these apps can access:
- Your full contact list, including people who never downloaded the app
- Continuous location data, even after you close the app
- Emails, user IDs, and physical addresses
- Device identifiers and background usage patterns
- System prompts and any personal information entered into the app
Some apps’ privacy policies explicitly state that the collected data is stored on servers located in China “for as long as the developers deem necessary.”2 That is an indefinite timeline with zero user control.
Malware Is the Other Half of the Threat
Data collection is only one part of the story. Beyond legitimate data-collection practices, the bureau cautions that certain Chinese apps may contain malicious capabilities, including embedded malware designed to exploit operating system vulnerabilities, establish persistent backdoors, and escalate privileges, which could enable unauthorized data exfiltration or the silent installation of additional malicious components.4
The FBI also pointed to possible warning signs that an app may be collecting more data than expected, including unusual battery drain, spikes in data usage, or unauthorized account activity after installation.5
Some apps do not even allow users to operate the platform unless they consent to data sharing.2 It is essentially a digital take-it-or-leave-it.
Which Apps Are We Talking About?
The FBI did not name specific apps in its advisory. But the picture is not hard to piece together.
The warning could apply to a range of widely used apps developed by Chinese firms, including video-editing platform CapCut, shopping apps like Temu and SHEIN, and social media platforms such as Lemon8, several of which rank among the most downloaded apps in the United States.5
The DeepSeek AI chatbot also fits the profile, and US authorities have already taken action against TikTok, Temu, and DeepSeek over national security or data security concerns.6
The bureau’s PSA comes after China transferred operational control of TikTok’s US business in early 2026 to a majority American-owned joint venture led by Oracle, US tech investment firm Silver Lake, and Emirati investor MGX, to avoid being banned in the country following a 2024 US law requiring parent company ByteDance to divest the platform over national security concerns.2
In 2025, Florida banned the Chinese artificial intelligence model DeepSeek from the state’s Department of Financial Services. New York and Texas also banned DeepSeek from state government devices and networks that year.7
What You Should Do Right Now
The FBI is not asking you to delete every app on your phone. But it is asking you to be smarter about what you allow.
To mitigate exposure, the FBI recommends a set of baseline security practices, including disabling unnecessary permissions, installing apps only from official marketplaces, and regularly updating device software and passwords. Users are also urged to review privacy policies and end-user license agreements to better understand how their data is collected, stored, and shared.4
Here are the FBI’s key recommendations in plain terms:
| Action | Why It Matters |
|---|---|
| Review app permissions on install | Limits what data the app can access from day one |
| Download only from official stores | Reduces risk of malware-laced apps |
| Update your device regularly | Patches vulnerabilities that malicious apps exploit |
| Change passwords frequently | Reduces damage if credentials are already exposed |
| Avoid sharing contact lists | Protects people who never even downloaded the app |
| Read privacy policies | Reveals where your data is stored and for how long |
On iPhone, users can turn on App Privacy Report under Settings, then Privacy and Security. It shows which apps are accessing your camera, microphone, location, and contacts and how often. On Android, users can go to Settings, then Security and Privacy, then Privacy, then Permission Manager to see access broken down by permission type.3
If you suspect a foreign-developed app has compromised your data or caused unusual device behavior, the FBI urges you to file a complaint with the Internet Crime Complaint Center at IC3.gov.8
The FBI’s warning lands at a time when data has become one of the most powerful currencies in the world. What feels like a free app may actually come at a cost most users never agreed to pay, and the people in your contact list never even got the chance to say no. Take a few minutes today to audit what your apps can access. Your privacy, and the privacy of everyone you know, may depend on it.
What do you think about the FBI’s warning on Chinese mobile apps? Do you feel your current app habits need a change? Drop your thoughts in the comments below.
