An iPhone on a Chinese flag
The App Store hosted a number of VPN apps with ties to a Chinese military-affiliated company sanctioned by the US, with millions of downloads between them all.
Users are often warned of the dangers of the Internet, with privacy issues prompting some to sign up for a VPN service. While there are many legitimate iPhone VPN services on the market, some have been found to be a potential national security risk.
A report from research group Tech Transparency Project looked into the top 100 free virtual private network (VPN) services offered in the App Store to users in the U.S. in 2024. In tracing the corporate ownership of each, the investigation found that one in five were owned by Chinese companies.
Chinese companies are obligated under Chinese national security laws to hand over the browsing data of users.
A bigger issue for the report is that several apps were traced to Qihoo 360, a firm that the U.S. Defense Department deems to be a “Chinese Military Company.” A 2015 article from the Chinese Daily revealed that customers fo Qihoo 360 included the People’s Liberation Army and at least eight Chinese government ministries.
Qihoo 360 was sanctioned by the U.S. in June 2020 on national security grounds, due to the “significant risk” associated with the company and its connection to the Chinese military. The company was also placed on the U.S. Commerce Department’s Entity List, which prevents it from receiving U.S. exports unless it obtains a license beforehand.
Innovative Connecting is an app producer under the control of Qihoo 360 and is behind a number of VPNs, the ownership of which is obfuscated by a network of companies. Its products include the free VPN apps VPN Proxy Master and Thunder VPN, along with SnapVPN, Signal Secure VPN, and Turbo VPN.
Apple and Qihoo 360 declined to respond to the report’s producers.
Undermining security
The discovery of Chinese ownership of numerous VPN apps is concerning for users, and potentially a problem for Apple itself.
Highlighting Apple’s reputation for privacy and security, Campaign for Accountability executive director Michelle Kuppersmith believes the report shows users could be more exposed using the apps than they may be aware of.
Referring to it as a “national security nightmare,” Kuppersmith believes Apple should take immediate steps to ensure users know which apps are owned by Chinese companies.
Kuppersmith adds that the report’s findings reveal Apple’s vetting process for the App Store is not sufficient enough for purpose.
Apple’s guidelines that app developers must follow for inclusion in the App Store mentions that VPN services should not “sell, use, or disclose” any data to third parties. However, given Chinas’s laws concerning VPNs and browsing data, it seems the guideline is being ignored in these cases.
China’s persistent need to be able to monitor its citizens, and potentially people from other countries too, has put Apple in a difficult situation as a paragon of privacy that still follows China’s laws that go against it.
As for the report’s impact, it doesn’t seem to have moved the needle with Apple yet. AppleInsider checked the iOS App Store, and found all five named Qihoo 360 VPNs still available to download.
A history of allowance
While it is unclear whether Apple is allowing the questionable VPNs to exist in the App Store because it doesn’t wish to push back against China, it’s not the only instance where China’s laws have interfered with Apple’s plans.
The slow rollout of Apple Intelligence into China is in part due to Apple needing to have a local partner, to abide by Chinese laws. This has led to a situation where Alibaba, the Chinese retail giant working with Apple on the service, will be censoring results to meet legal restrictions.
Apple has also previously abided by orders from the Chinese government to pull VPNs from the regional App Store that didn’t meet local laws. In 2017, this included foreign VPN services that didn’t comply with cybersecurity laws, forcing Chinese user data to be stored on Chinese servers.
Apple CEO Tim Cook has repeatedly advised that Apple will abide by the regulations of any country in which it operates. Even if it sometimes goes against its own principles.
