On March 31, 2026, the FBI dropped a public service announcement that should make you uncomfortable. The bureau warned that many of the most popular apps on American phones — apps you probably use every single day — are built by Chinese companies and may be funneling your personal data straight to servers where the Chinese government can legally demand access to it. No warrant. No judicial oversight. No way to say no.
The official PSA didn’t name specific apps. The FBI rarely does. But the media connected the dots almost immediately, and the apps in question are ones sitting on hundreds of millions of American phones right now. Here’s what you need to know and what you should actually do about it.
Which Apps Are We Talking About?
The FBI kept its language broad — “foreign-developed mobile applications, particularly those based in China” — but multiple major outlets immediately pointed to the obvious suspects. According to reporting from Forbes, the apps that fit the FBI’s description include TikTok, TikTok Lite, CapCut (the video editing app owned by the same parent company as TikTok), Temu, Shein, and Lemon8. Several of these consistently rank in the top five most downloaded apps on both Android and iOS.
There are also concerns about DeepSeek, a Chinese AI app, and a whole category of Chinese-owned VPN apps that many Americans use thinking they’re protecting their privacy — when they may actually be doing the opposite. A 2025 report found Apple and Google were allowing VPNs owned by Chinese companies on their platforms with almost no transparency about where the data goes.
Now, TikTok is a slightly different case in 2026. Its U.S. operations shifted to a joint venture with Oracle, Silver Lake, and MGX in early 2026, making TikTok technically majority American-owned in the U.S. CapCut and Lemon8 fall under the same arrangement. Whether that’s enough to address the FBI’s concerns is genuinely unclear. The FBI’s warning was issued after that deal was already in place, which tells you something.
Why the FBI Is Actually Worried
This isn’t about the FBI being paranoid. There’s a specific, concrete legal reason for the warning. China’s National Intelligence Law, passed in 2017, includes a line that translates roughly to: “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts.” That’s not vague. That’s the law. Companies operating under Chinese jurisdiction are legally required to hand over user data if the Chinese government asks for it. They have no legal basis to refuse, and there’s no independent court reviewing those requests.
China’s 2021 Data Security Law reinforces this. If a company stores data on servers in China — and many of these apps do — that data is subject to compulsory government access. Period. Some of these apps even state in their own privacy policies that personal information “may be stored on servers in China for as long as developers consider necessary.” That’s indefinite storage with government access built in by law.
What Data These Apps Actually Collect
Here’s where it gets really uncomfortable. According to the FBI, when you grant permission to these apps — sometimes just by tapping “accept” during installation without reading the fine print — the app can persistently collect data throughout your entire device. Not just within the app. Not just while you’re using it. Throughout the whole phone, all the time.
The types of data at risk include your entire contact list — every name, phone number, email address, physical address, and user ID stored in your phone. They can collect your location data, your photos, your messages, and system-level information about your device. And here’s the kicker: several of these apps set aggressive default permissions that most people never bother to review or change.
The contact list issue is a big deal because it means the app isn’t just collecting data about you. It’s mapping your entire social network — who you know, how to reach them, where they live. Intelligence agencies call this social graph mapping, and it’s extremely valuable for targeted operations.
You Don’t Even Have to Download the App to Be Affected
This is the part that really bothers me, and it’s the part most people miss. You don’t have to install TikTok or Temu or Shein for your data to end up in their systems. If your friend, your kid, your coworker, or your neighbor has one of these apps installed and gave it permission to access their contacts, your information is already in that dataset. Your name, your phone number, your email, whatever notes they saved about you in their phone — all of it.
You never agreed to anything. You never tapped “accept.” But your personal information is sitting on a server that the Chinese government can legally access. There’s nothing you can do about what other people have on their phones, but you can control your own device and limit the damage.
Android Users Have an Extra Problem
Android devices are more vulnerable here because of something called sideloading — installing apps from outside the official Google Play Store. It’s easy to do on Android, and it’s how a lot of malware-infected apps get onto people’s phones. The FBI specifically warns that foreign-developed apps may contain hidden malware that can bypass your permissions, exploit system weaknesses, and install backdoors for deeper access.
Google has started rolling out stricter measures to block installations from unknown developers, but if you’ve got apps on your Android phone that didn’t come from the Play Store, you should seriously consider removing them. iPhones are more locked down by default, but they’re not immune — apps from the official App Store can still collect massive amounts of data if you gave them permission.
How to Check What Your Apps Are Doing Right Now
Don’t just take the FBI’s word for it — go look at what your apps are actually accessing. On an iPhone, go to Settings > Privacy & Security and turn on App Privacy Report. This shows you exactly which apps are accessing your camera, microphone, location, and contacts, and how often they’re doing it. You might be shocked. That free photo filter app you downloaded six months ago? It might be pinging your location every hour.
On Android, go to Settings > Security & Privacy > Privacy > Permission Manager. This breaks down access by permission type so you can see every app that has access to your contacts, your camera, your microphone, and your location. Go through each one and ask yourself: does this app actually need this? A shopping app doesn’t need your microphone. A video editor doesn’t need your contacts. Revoke anything that doesn’t make sense.
What to Delete and What to Lock Down
If you have Temu, Shein, CapCut, Lemon8, TikTok Lite, DeepSeek, or any Chinese-developed VPN on your phone and you’re not actively using it every day, delete it. Every unused app is another open door. If you haven’t opened it in months, it has no business sitting on your device collecting background data.
On iPhone: Go to Settings > General > iPhone Storage, tap the app, and tap Delete App. Or just press and hold the app icon on your home screen, tap Remove App, then Delete App.
On Samsung or other Android: Go to Settings > Apps > See all apps, tap the app you want gone, tap Uninstall, and confirm.
For apps you decide to keep — maybe you really love TikTok and aren’t ready to give it up — at minimum lock down the permissions. Restrict location access to “while using” only. Turn off access to your contacts entirely. Keep microphone and camera permissions off unless you’re actively recording. Restrict photo access so the app can only see photos you specifically select, not your entire camera roll.
A Few More Things You Should Do Today
Read the permissions screen before you tap “accept” on any new app. I know nobody does this. Start doing it. If a flashlight app wants access to your contacts and microphone, that’s a red flag the size of a billboard. Don’t install it.
Use a password manager like Bitwarden (free) or 1Password (about $3 a month) to generate strong, unique passwords for every account. If one of these apps gets compromised and you used the same password for your banking app, you’ve got a much bigger problem. Stop reusing passwords.
Keep your phone’s software updated. Those update notifications are annoying, but they often patch the exact types of vulnerabilities that malware exploits. Just do it.
Only download apps from the Apple App Store or Google Play Store. Those stores aren’t perfect, but they run security scans and have developer policies that third-party download sites don’t.
The Bigger Picture
This FBI warning isn’t happening in a vacuum. Texas Attorney General Ken Paxton filed lawsuits against both Shein and Temu in February 2026 over their ties to the CCP. Multiple states have banned DeepSeek from government devices. Republican lawmakers introduced a bill in early 2026 to block CCP-controlled apps from all U.S. government devices. The pressure is building across the board.
But government action is slow, and your phone is exposed right now. You don’t need to wait for Congress to do something. Spend 10 minutes tonight going through your phone, checking your permissions, and deleting apps you don’t use. It’s the single most practical thing you can do, and it costs you nothing.
If you think your data has already been compromised, or you’ve noticed anything weird — unusual data usage, battery draining way faster than normal, apps you didn’t install — file a complaint at www.ic3.gov. Include the app name, the developer, what device you’re using, and what suspicious activity you noticed. The FBI is actively tracking this stuff, and your report matters.
