The United States’ Federal Bureau of Investigation (FBI) recently issued a Public Service Announcement (PSA) warning iPhone and Android users about the dangers of installing certain potentially dangerous apps. The FBI warned about the risks associated with downloading foreign-developed mobile apps, especially those based in China.
Why is the FBI warning about Chinese mobile apps?
The FBI says that apps that maintain digital infrastructure in China are subject to the country’s national security laws, which enable the Chinese government to potentially access mobile app users’ data.
For instance, Article 7 of China’s National Intelligence Law says, “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.”
Meanwhile, another Article 14 says, “National intelligence work institutions lawfully carrying out intelligence efforts may request that relevant organs, organizations, and citizens provide necessary support, assistance, and cooperation.”
The FBI also warned users about the data these apps request upon downloading. Once users grant access, the FBI says the app can “persistently collect data and users’ private information throughout the device, not just within the app or while the app is active.”
What data can Chinese apps collect?
The FBI says that some platforms can also offer the option to invite friends or contacts to use the apps. This could entail developer companies storing collected data on users’ private information and address books, including email addresses, user IDs, physical addresses, and phone numbers for their stored contacts.
“This permission gives the apps access to a host of personal information belonging to both users and non-users in their contact lists,” the FBI noted.
Another risk the FBI highlighted related to where user data is stored. The agency notes that the privacy policies of some apps explicitly state that this collected data is stored on servers located in China. While other apps offer users a local, cloud-free version that prevents data sharing, others require users to consent to data sharing in order to operate the platform at all.
A third area the FBI warned about was apps containing malware that could even collect data beyond what was authorised by users.
“This could include malicious code and hard-to-remove malware designed to exploit known vulnerabilities in various operating systems and insert a backdoor for escalated privileges, such as enabling the download and execution of additional malicious packages designed to provide unauthorized access to users’ data,” the FBI warned.
The FBI warned that downloading these apps from unfamiliar websites or third-party app stores carries a higher risk of twitter-tweetding malware. It noted that official app stores scan for malware, which potentially reduces the risk of malicious code reaching mobile devices.
How to protect your data
FBI says to mitigate these risks and maintain good cyber hygiene, you should follow a few precautions:
- Disable unnecessary data-sharing permissions within app settings.
- Only download verified apps from official app stores.
- Read the terms of service or end-user licence agreements before downloading.
- Perform regular device software updates.
- Change and update passwords regularly.
