Apple's App Store used to host free VPN apps with ties to China military

AppleInsider

The App Store hosted a number of VPN apps with ties to a Chinese military-affiliated company sanctioned by the US, with millions of downloads between them all.

An iPhone on a Chinese flag

Users are often warned of the dangers of the Internet, with privacy issues prompting some to sign up for a VPN service. While there are many legitimate iPhone VPN services on the market, some have been found to be a potential national security risk.

A report from research group Tech Transparency Project looked into the top 100 free virtual private network (VPN) services offered in the App Store to users in the U.S. in 2024. In tracing the corporate ownership of each, the investigation found that one in five were owned by Chinese companies.

Chinese companies are obligated under Chinese national security laws to hand over the browsing data of users.

A bigger issue for the report is that several apps were traced to Qihoo 360, a firm that the U.S. Defense Department deems to be a "Chinese Military Company." A 2015 article from the Chinese Daily revealed that customers fo Qihoo 360 included the People's Liberation Army and at least eight Chinese government ministries.

Qihoo 360 was sanctioned by the U.S. in June 2020 on national security grounds, due to the "significant risk" associated with the company and its connection to the Chinese military. The company was also placed on the U.S. Commerce Department's Entity List, which prevents it from receiving U.S. exports unless it obtains a license beforehand.

Innovative Connecting is an app producer under the control of Qihoo 360 and is behind a number of VPNs, the ownership of which is obfuscated by a network of companies. Its products include the free VPN apps VPN Proxy Master and Thunder VPN, along with SnapVPN, Signal Secure VPN, and Turbo VPN.

Apple and Qihoo 360 declined to respond to the report's producers.

Undermining security

The discovery of Chinese ownership of numerous VPN apps is concerning for users, and potentially a problem for Apple itself.

Highlighting Apple's reputation for privacy and security, Campaign for Accountability executive director Michelle Kuppersmith believes the report shows users could be more exposed using the apps than they may be aware of.

Referring to it as a "national security nightmare," Kuppersmith believes Apple should take immediate steps to ensure users know which apps are owned by Chinese companies.

Kuppersmith adds that the report's findings reveal Apple's vetting process for the App Store is not sufficient enough for purpose.

Apple's guidelines that app developers must follow for inclusion in the App Store mentions that VPN services should not "sell, use, or disclose" any data to third parties. However, given Chinas's laws concerning VPNs and browsing data, it seems the guideline is being ignored in these cases.

China's persistent need to be able to monitor its citizens, and potentially people from other countries too, has put Apple in a difficult situation as a paragon of privacy that still follows China's laws that go against it.

As for the report's impact, it doesn't seem to have moved the needle with Apple yet. AppleInsider checked the iOS App Store, and found all five named Qihoo 360 VPNs still available to download.

A history of allowance

While it is unclear whether Apple is allowing the questionable VPNs to exist in the App Store because it doesn't wish to push back against China, it's not the only instance where China's laws have interfered with Apple's plans.

The slow rollout of Apple Intelligence into China is in part due to Apple needing to have a local partner, to abide by Chinese laws. This has led to a situation where Alibaba, the Chinese retail giant working with Apple on the service, will be censoring results to meet legal restrictions.

Apple has also previously abided by orders from the Chinese government to pull VPNs from the regional App Store that didn't meet local laws. In 2017, this included foreign VPN services that didn't comply with cybersecurity laws, forcing Chinese user data to be stored on Chinese servers.

Apple CEO Tim Cook has repeatedly advised that Apple will abide by the regulations of any country in which it operates. Even if it sometimes goes against its own principles.



Read on AppleInsider

farago

Western countries are idiots.

That this comes as a surprise is just pathetic—of course the Chinese military is going to do everything it can to spy on the West.

- Chinese hackers stole trillions in intellectual property theft (https://www.cbsnews.com/news/chinese-hackers-took-trillions-in-intellectual-property-from-about-30-multinational-companies/)
- Zoom is deeply in bed with the Chinese military

- China's human rights record is right up there with Hitler's

The CCP is a heinous regime with whom we should not be engaging.
Apple needs to get out of China and show some moral leadership.

daalseth

What’s the old saw: If you aren’t paying for a service, YOU are the product.
Free VPNs should be viewed with utter distrust. They have to pay for the servers and bandwidth somehow. If you aren’t paying for it, then they are selling your data to someone to pay for it.

robin huber

I assume any Chinese app or hardware device is insecure. 

daalseth

robin huber said:

I assume any Chinese app or hardware device is insecure. 

In the case of these apps you wouldn’t necessarily have known. They had to dig into the ownership chain to figure it out. There was a report that came out yesterday that a number of the large investors in SpaceX are Chinese front companies. They work very hard to hide.

mark fearing

The USA is likely the largest spy on the internet. US technology is likely laced with support for US spying, and tech companies are under orders to turn over pretty much anything deemed 'dangerous' to the state which of course is a constantly evening definition.  The funny thing is when it comes to Space X investors ETC - capitalism has no morals, no ethics. Making money is seen by many as defendable at any cost, and the US. Supreme Court gives almost mystical power to capitol - it is equaled to 'free speech'. So money talks and everyone has to listen. Greed wins. Than many act surprised when it happens.

loopless

Farago said:

Western countries are idiots.

That this comes as a surprise is just pathetic—of course the Chinese military is going to do everything it can to spy on the West.

- Chinese hackers stole trillions in intellectual property theft (https://www.cbsnews.com/news/chinese-hackers-took-trillions-in-intellectual-property-from-about-30-multinational-companies/)
- Zoom is deeply in bed with the Chinese military

- China's human rights record is right up there with Hitler's

The CCP is a heinous regime with whom we should not be engaging.
Apple needs to get out of China and show some moral leadership.

Yeah....China..... Where masked police just grab people off the street , don't charge them with any crimes , then ship them off to a detention facility in the middle of nowhere and make it impossible for their lawyers to contact them. Just like Hitler's regime.  Or maybe you are confusing it with another country.

phaseangle

loopless said:

 Or maybe you are confusing it with another country.

I think that is actually a very long list

mrstep

DAalseth said:

What’s the old saw: If you aren’t paying for a service, YOU are the product.
Free VPNs should be viewed with utter distrust. They have to pay for the servers and bandwidth somehow. If you aren’t paying for it, then they are selling your data to someone to pay for it.

Yeah, haven't Google and Facebook run skeezy VPNs that were collecting user data as well - IIRC at least in the Facebook case also playing man-in-the-middle to scrape page data?

if you aren't paying for it, you're paying for it.