Chinese VPNs continue to thrive in the App Store
Despite warnings from researchers, the U.S. App Store is still home to various VPNs that obscure their Chinese ownership and may be transmitting user data directly to Beijing.
Over six weeks after initial concerns were raised, Apple and Google continue to host VPN applications linked to Chinese companies in their U.S. app stores, with many not revealing their ownership.
Several of these apps are associated with a Chinese cybersecurity firm that is under U.S. sanctions. Both tech giants are reportedly profiting from these applications.
This is the primary takeaway from a recent investigation by the Tech Transparency Project (TTP), which revisited its April report. While some apps have been removed, many dubious VPNs remain operational, collecting user data and subscription fees.
All under the guise of providing privacy.
At a casual glance, these apps seem harmless, advertised as free solutions for maintaining online anonymity.
However, a closer look reveals a troubling reality.
TTP discovered that numerous apps are actually owned by Chinese enterprises. One notable example is Qihoo 360, a cybersecurity entity sanctioned by the U.S. government due to its affiliations with the People’s Liberation Army.
Apps like Turbo VPN and VPN Proxy Master remain available on the Apple App Store, both having connections to Qihoo 360 and similar counterparts on the Google Play Store.
Overall, TTP identified 13 VPNs with Chinese links still active on Apple’s platform and 11 on Google’s.
An example of a VPN linked to China
These apps often fail to disclose their Chinese ownership. Some obscure their corporate identity through Singapore or use developer names like “Free Connected” or “Innovative Connecting” to evade scrutiny.
These aliases frequently lead back to the same entities. In China, corporations are compelled to comply with government requests for user data.
This is the crux of the issue—VPNs can monitor your online activities. Using one that has undisclosed ties to a foreign government with extensive surveillance laws poses significant security risks.
Apple and Google are profiting from these apps
These applications are not only popular but also lucrative, providing financial benefits to both Apple and Google.
For instance, apps like X-VPN have reportedly generated over $10 million from U.S. users alone, with Turbo VPN and VPN Proxy Master each raking in more than $5 million.
Apple receives up to 30% of in-app revenue, while Google claims a similar share, especially from subscriptions and advertising.
This indicates that both companies are financially profiting from apps that may expose users to foreign surveillance. This raises questions about the credibility of Apple’s privacy-promoting initiatives and Google’s commitments to user safety.
Apple asserts that VPN apps in its store are prohibited from selling or sharing user data, yet enforcement remains unclear. Google mandates transparency regarding data practices but appears to lack specific policies regarding VPNs.
Don’t assume the App Store is ensuring your safety
If you’re downloading a VPN app, it’s likely for privacy reasons. However, there’s a considerable chance that the app store is offering solutions that may compromise your privacy instead.
While VPNs are not outright banned in China, they are stringently regulated. The Chinese government permits only authorized providers that comply with censorship regulations, effectively blocking most foreign VPNs.
Attempting to circumvent the Great Firewall with a VPN could constitute a legal violation. China has intensified its crackdown on VPN developers and pressured companies like Apple to remove numerous applications from the local App Store.
This is part of a broader strategy to maintain stringent control over online activities. Consequently, when Chinese companies offer their VPN services in other markets like the United States, it poses risks for American users as well.
Another example of a VPN linked to China
Some applications attempt to obscure their Chinese affiliations. For instance, Autumn Breeze Pte. Ltd. claims independence from Qihoo 360, yet TTP found connections to a former Qihoo executive still listed as a director.
Once your data leaves your device, its destination becomes unclear— and so does who might access it.
Users deserve transparency regarding the developers behind the software meant to protect their sensitive information, especially when such tools are presented as secure, private, and anonymous.
Currently, app stores are falling short in this aspect. If Apple and Google are genuinely committed to privacy, they must hold their storefronts to the same standards they impose on smaller developers.
Apple’s response
After our inquiry, Apple reiterated its previous stance.
The company stated that the App Store is open to developers globally as long as they adhere to App Review Guidelines and local laws, without restricting apps based on the nationality of developers or company location.
Apple asserted that VPN apps face stricter regulations; only registered entities may publish them, and developers must clearly disclose the data collected and its intended use prior to user engagement.
According to Apple, these apps are not permitted to utilize or share data in any capacity and must indicate this in their privacy policies. The company claimed to enforce these policies and remove non-compliant apps.