Millions of Americans are inadvertently sending their internet traffic to Chinese companies—including several tied to the People’s Liberation Army

FOR IMMEDIATE RELEASE: April 1, 2025

Contact: Michael Clauw, mclauw@campaignforaccountability.org, 202.780.5750

WASHINGTON, D.C. – Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation traced the corporate ownership of the top 100 free virtual private networks (VPNs) offered by Apple to its U.S. users during 2024. VPNs are used by many users to protect their privacy by masking their location and identity online. They are also used by many children to evade school restrictions on games or social media use.

However, TTP found that one in five of the VPNs it examined were surreptitiously owned by Chinese companies, which are forced by the country’s laws to share their users’ browsing data with the government. In addition to the national security concerns, the findings also raise serious questions about Apple’s carefully cultivated reputation for protecting its users’ privacy.

Read TTP’s report.

“Apple’s reputation for security and privacy may lead consumers to believe that any VPN they discover in the App Store will keep their internet activity private, but these findings show that many users may end up more exposed than they’re aware,” said Michelle Kuppersmith, executive director of the nonprofit that runs TTP, the Campaign for Accountability. “This is a national security nightmare, and at a minimum Apple should take immediate steps to ensure its users understand when apps are owned by Chinese companies.”

None of the 20 apps identified by TTP as Chinese-owned clearly disclosed that fact. Most gave no indication of their Chinese connection at all, and some went to significant lengths to conceal their true ownership behind layers of shell companies.

Several of the apps were traced back to Qihoo 360, a firm declared by the U.S. Defense Department to be a “Chinese Military Company.” The firm has worked for China’s People’s Liberation Army and at least eight Chinese government ministries, according to state media.

Apple’s guidelines for app developers state that apps offering VPN services “may not sell, use, or disclose to third parties any data for any purpose.” It’s unclear how Apple reconciles that policy with the presence of Chinese VPN apps in its App Store, given those apps can be required by law to turn over user data to Chinese authorities.

Apple has repeatedly sought to fend off antitrust legislation designed to loosen its grip on the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect.

“These findings show that Apple’s App Store vetting process is entirely insufficient,” said Kuppersmith. “Apple customers deserve to know who has access to their data, especially when it comes to VPNs, which are marketed as tools to increase the privacy of a user’s web activity.”

Tech Transparency Project is a project of the Campaign for Accountability, a nonpartisan, nonprofit watchdog organization that uses research, litigation, and aggressive communications to expose misconduct in public life.