Are your apps secretly stealing your data? FBI issues massive warning for iPhone and Android users

United States’ Federal Bureau of Investigation (FBI) has released a Public Service Announcement (PSA) warning users about the dangers of installing some potentially dangerous apps on Android and iPhones. In the announcement, the FBI warned about the risks associated with downloading foreign-developed mobile apps, especially those based in China.

Why is the FBI warning about Chinese mobile apps?

The FBI says that apps that maintain digital infrastructure in China are subject to the country’s national security laws, which enable the Chinese government to potentially access mobile app users’ data.

For instance, Article 7 of China’s National Intelligence Law states, “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.”

Meanwhile, another Article 14 notes, “National intelligence work institutions lawfully carrying out intelligence efforts may request that relevant organs, organizations, and citizens provide necessary support, assistance, and cooperation.”

The FBI also warned users about the data these apps request upon downloading. Once access is granted by users, the FBI says the app can “persistently collect data and users’ private information throughout the device, not just within the app or while the app is active.”

What data can Chinese apps collect?

The FBI says that some platforms can also offer the option to invite friends or contacts to use the apps. This could entail developer companies storing collected data on users’ private information and address books such as email addresses, user IDs, physical addresses, and phone numbers of their stored contacts.

“This permission gives the apps access to a host of personal information belonging to both users and non-users in their contact lists,” the FBI noted.

Another risk that the FBI highlighted relates to where user data is stored. The agency notes that the privacy policies of some apps explicitly state that this collected data is stored on servers located in China. While other apps allow users a local, cloud-free version that prevents data sharing, some others require users to consent to data sharing in order to operate the platform at all.

A third area that the FBI warns about is apps containing malware, which could even collect data beyond what is authorised by users.

“This could include malicious code and hard-to-remove malware designed to exploit known vulnerabilities in various operating systems and insert a backdoor for escalated privileges, such as enabling the download and execution of additional malicious packages designed to provide unauthorized access to users’ data,” the FBI warned.

The FBI went on to warn that downloading these apps from unfamiliar websites or third-party app stores runs a higher risk of embedding malware. It noted that official app stores scan for malware content, which potentially reduces the risk of malicious code reaching mobile devices.

How to protect your data:

The FBI says to mitigate these risks and maintain good cyber hygiene, you should follow a few precautions: