Two months have passed since an investigation revealed that over 20 virtual private network (VPN) apps linked to the Chinese military were available on the Apple App Store and Google Play Store. Despite the findings and the potential risk to user privacy and national security, many VPNs are still accessible for download. If you rely on VPNs to protect your privacy online, this ongoing situation may concern you.
The investigation, led by the Tech Transparency Project (TTP) with support from the Financial Times, found that several of these apps were tied to Qihoo 360, a company labelled a “Chinese Military Company” by the United States and sanctioned in 2020. Popular VPN apps such as Turbo VPN, Thunder VPN, VPN Proxy Master, and Signal Secure VPN remain on both app stores. These apps are disguised through layers of offshore shell companies, making it difficult for everyday users to identify the real developers behind them.
Dangerous apps still live despite being flagged
Many of the apps mentioned in the original report are still available today, including Turbo VPN and VPN Proxy Master, which are still listed in both the UK and US versions of the Apple App Store. While Thunder VPN and Signal Secure VPN were reportedly removed from the US App Store at one point, later checks revealed that Thunder VPN was still available. Similar findings were made on the Google Play Store, where all four apps – Turbo VPN, Thunder VPN, VPN Proxy Master, and Signal Secure VPN – were accessible during the latest update.
The TTP also identified 11 other VPN apps with Chinese ties that remained available for download. These include services like X-VPN, Ostrich VPN, VPNIFY, VPN Proxy OvpnSpider, WireVPN, Now VPN, Speedy Quark VPN, Best VPN Proxy AppVPN, HulaVPN, another version of WireVPN, and Pearl VPN. Many of these apps are still found in app stores, posing a potential threat to users unaware of their ownership and data practices.
It’s important to understand that these apps may collect significant user data, including your IP address, browsing activity, location, and device information. Due to Chinese data laws, companies based in China—or tied to Chinese firms—may be required to hand over such data to the government. While there is currently no public evidence that user data has been shared, the risk lies in the possibility that it could happen. The lack of clear no-logs policies further complicates the issue, exposing users.
Why tech giants haven’t taken stronger action
Apple and Google have policies regulating VPN apps on their platforms. Apple’s guidelines require that VPN developers clearly state how user data is handled and strictly prohibit the sale or sharing of that data with third parties. Google’s VPN app policy also demands transparency and user consent when collecting sensitive data. Both companies claim to enforce these policies rigorously.
However, the ongoing presence of these VPNs in both stores suggests otherwise. One explanation could be financial. While the VPNs are free to download, many offer premium upgrades through in-app purchases. Apple typically takes a 30% cut from such purchases, or 15% if the developer is part of its small business programme. Google applies a 15% commission on the first US$1 million of sales, with a 30% charge beyond that. This arrangement means both companies could be earning revenue from deemed risky apps.
When asked to comment, Google stated it is committed to complying with all relevant sanctions and trade laws. It said appropriate action is taken whenever accounts are found violating its policies. Apple responded by saying that it does not control who owns an app, but it enforces strict guidelines for VPN developers. If developers breach these terms, the company promises to act.
What you can do to protect yourself
You are advised to avoid any of the VPNs mentioned in these reports, even if they appear to be widely used or have high ratings. Popularity does not always equal safety. Trusted VPN providers have clear, independently verified no-logs policies and are upfront about who owns and operates them. They do not collect or share your data.
If you’re using one of the apps linked to this report, consider switching to a more reputable alternative. While there are a few trustworthy free VPNs, paid services typically offer better protection and transparency. Reliable reviews and comparison guides can help you make informed choices. The right VPN should keep your data safe—not put it at risk.
