Researchers Warn Free VPNs Could Leak US Data to China
Tech Transparency Project warns Chinese-owned VPNs like Turbo VPN and X-VPN remain on Apple and Google app stores, raising national security concerns.
A recent report by the Washington, D.C.-based Tech Transparency Project (TTP) reveals that numerous free Virtual Private Network (VPN) apps, despite earlier warnings, continue to be available on both Apple’s App Store and Google’s Play Store, posing major privacy and national security risks.
According to the organisation, these apps, many with hidden ties to Chinese companies, could be exposing sensitive user data to the Chinese government. VPNs are tools designed to create a secure, encrypted connection over the internet, masking a user’s identity and online activity.
However, some users express concern about VPN services owned by Chinese companies due to privacy and data security considerations. Under Chinese national security laws, companies can be compelled to hand over user data to the government. This is particularly concerning because VPNs have access to a user’s entire web activity, making the data highly sensitive.
TTP’s initial report from April 1, 2025, revealed that over 20 of the top 100 free VPNs on the US Apple App Store in 2024 were linked to Chinese ownership. Many of these apps intentionally concealed their origins through shell companies.
It is worth noting that several apps were connected to Qihoo 360, a Chinese cybersecurity firm that the US has sanctioned due to its alleged links with China’s People’s Liberation Army.
One notable instance involves Autumn Breeze Pte. Ltd., listed as the developer of Snap VPN on the Google Play Store. It asserts “no affiliation with Qihoo 360,” emphasizing a strict “no-log policy.” However, TTP’s research reveals that Qihoo 360 acquired Autumn Breeze Pte. Ltd. in 2020 and sold it to undisclosed parties after US sanctions. Corporate records for Autumn Breeze continue to list a Chinese director, whose name matches that of a Chinese national who had led Qihoo 360’s mobile security unit.
Despite some apps, like Thunder VPN and Snap VPN, being removed from Apple’s App Store after media inquiries, TTP’s follow-up check in early May 2025 confirmed that many Chinese-owned VPNs remain available.
For instance, Turbo VPN and VPN Proxy Master, both linked to Qihoo 360, continue to be offered on Apple’s platform. The Google Play Store also hosts several Qihoo 360-connected apps, including Snap VPN and Signal Secure VPN, alongside other Chinese-owned VPNs like X-VPN and VPNify.
The report further suggests that Apple and Google may be financially benefiting from these potentially risky applications. Many of these free VPNs offer in-app purchases or display advertisements, from which both tech giants take a percentage of revenue (Apple typically charges 30% or 15%, while Google charges 15% up to $1 million in sales and 30% thereafter).
This suggests a financial incentive for the platforms to continue hosting these apps, despite the privacy implications for American users, researchers noted in their blog post shared with Hackread.com.
Neither Apple nor Google has responded to TTP’s requests for comment on these findings or their policies regarding data sharing by VPNs. Users are advised to exercise caution and thoroughly research the ownership and privacy policies of any VPN service they intend to use.
“Let’s think about how TikTok’s story unfolded: massive reach, secret ownership, and extensive data collection, which may have left U.S. soil but these VPN apps are even more concerning as they don’t just track your preferences; they monitor everything you do online,” said Chad Cragle, Chief Information Security Officer at Deepwatch.
“When owned by Chinese companies and hidden behind layers of shell companies, it becomes a serious concern. Apple advocates for protecting our privacy, yet these apps are still accessible. Google? They often allow nearly any app on their store,” claimed Chad.
“It’s time for the platforms to take responsibility and set the example. You can’t claim to prioritize privacy if you’re letting other parties control the playbook. If they don’t properly scrutinize these apps, they’re not just passively allowing it, they’re helping to create the problem. And let’s be honest, this isn’t just about privacy; it’s about national security, too,” he emphasised.