This should be obvious – but unfortunately it’s not. Some of the most popular apps you might download on your iPhone or Android smartphone are dangerous. Now, the FBI is warning U.S. citizens to stop all such installations.
The bureau’s new public service announcement highlights “the data security risks associated with foreign-developed mobile applications (app) is often used in the United States; however, these concerns are global. As of early 2026, many of the most downloaded and highest-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China.”
The warning relates to China’s notorious national security law, which the FBI reminds smartphone users makes it “possible for the Chinese government to access mobile app users’ data.” In short, the law requires developers in China to do whatever they can to support the country’s national security needs, including sharing data. The same concern also dogged TikTok before it was spun off in the United States.
The FBI said users should know “what user data these apps are requesting access to when downloading.” But in practice, these privacy policies are rarely examined. This is why so-called permission abuse is a nightmare for smartphone users. “When the user allows access, the app can continuously collect data and the user’s private information across the device.”
Data at risk includes contact lists, which could allow those collecting the data in China or elsewhere to build social graphs. In the wrong hands, these can be invaluable to nation-states or profit-seeking hackers, who use the compromise of one person to mount social engineering attacks against one or more higher-value targets that person knows.
“Some platforms offer the option to invite friends or contacts to use the application. With default permissions, the development company can store the collected data on the user’s private information and address book, such as storing the contact’s name, email address, user ID, physical address and phone number.”
The FBI also warns that “some apps claim that collected data will be stored on servers located in China for as long as the developer deems it necessary.” While there may be settings to prevent this kind of data sharing, these settings are rarely used. “Some applications do not allow users to operate the platform unless the user agrees to data sharing.”
While this new PSA focuses on threats to user privacy, the bureau also noted that these foreign-developed apps “may also contain malware that may collect data beyond what the user authorizes. This may include malicious code and difficult-to-remove malware designed to exploit known vulnerabilities in various operating systems and insert backdoors to escalate privileges.”
Given the open nature of the ecosystem and the prevalence of risky sideloading, this is still a bigger threat to Android users than iPhone users. That’s why Google is reducing this risk to a certain extent by blocking installations from unknown developers, many of whom will be based overseas. “Official app stores scan for malicious content, reducing the risk of malware or malicious code.”
The FBI is asking smartphone users to do the following:
- Disable unnecessary data sharing;
- Only download apps from official stores;
- Change and update passwords regularly;
- Perform regular device software updates; and
- Please read the Terms of Service or End User License Agreement before downloading.
This article was originally published on Forbes.com