The FBI issued a stark warning this week: the apps on your phone may be putting your personal data at risk if they were developed outside of the U.S. And there's a good chance you have no idea it's happening.
As of early 2026, the FBI asserts that many of the most downloaded and top-grossing apps in the U.S. are developed and maintained by foreign companies, particularly those based in China. The FBI didn't name names, but the origin of apps like Temu and DeepSeek isn't exactly a mystery.
However, the issue goes beyond where an app is developed. Apps that maintain servers in China are subject to China's extensive national security laws, which enable the Chinese government to potentially access users' data, according to the FBI. Specifically, China's 2017 National Intelligence Law requires any organization or citizen to support, assist, and cooperate with state intelligence work, and companies don't get to opt out.
What the FBI is worried about
The potential risks the bureau outlines fall into two categories: aggressive data collection and malware.
On data collection, the situation is worse than most people assume. Once a user grants permissions, some apps may continue collecting private information even when the app is closed. That persistent access can include your address book, which is a big deal. It's not just your information; you are also giving up the names, phone numbers, email addresses, and physical addresses of your family, friends, and business associates. Your contacts didn't agree to any of this, but their information is now fair game.
Some apps state that collected data, including personal information and user prompts, are stored on servers for as long as the developers deem necessary. And in some cases, you can't use the app at all unless you consent to data sharing; it's an all-or-nothing proposition.
In addition, according to the FBI, apps may contain malicious code, backdoors, and additional downloaded packages designed to expand access to a victim's device and data. If you download apps from anywhere other than official app stores, your risk is much higher.
Unfortunately, neither the Google Play Store nor the Apple App Store makes it easy to identify where a developer is based. In most cases, you have to dig through a privacy policy or track down a company website. Even then, the information can be vague, misleading, or missing entirely.
Keep tabs on your installed apps
If you want to reduce your exposure, check what your apps are doing with the permissions you gave them. On iPhone, turn on App Privacy Report under Settings > Privacy & Security. It shows you which apps are accessing your camera, microphone, location, and contacts – and how often. On Android, go to Settings > Security & Privacy > Privacy > Permission Manager to see access broken down by permission type. Revoke any permissions that aren't essential to what the app actually does.
While the FBI's warning was specifically about foreign apps, the advice for staying safe is standard digital hygiene that applies to any app, regardless of where it was developed. Only download from official app stores, which have built-in malware detection tools and developer policies. Always check what permissions you're granting when you install an app and don't agree if you're not comfortable. And keeps tabs on your installed apps – if you don't like what an app is doing with your data, delete it.
Read next: How to Tell if an Email Has Been Spoofed
[Image credit: Suzanne Kantra/Techlicious via ChatGPT]
