Centralized app stores, like Apple’s App Store and Google Play Store, give the impression that apps come from a single, safe destination, despite developers being worldwide. Recently, the FBI issued a caution regarding foreign-developed apps, emphasizing potential threats to user privacy and security. But, is that a valid concern? Let’s explore.
Are you using any popular apps from China?
On March 31, the FBI released a warning regarding security risks linked to mobile applications originating from foreign developers often used in the U.S.
The FBI specifically criticized apps from central China, steering clear of naming all the suspects. However, some popular apps that may come to mind include:
- TikTok: This app, owned entirely by ByteDance from Beijing, has often been under scrutiny.
- Pinduoduo and Shane: Both are Chinese-owned online shopping platforms. Pinduoduo belongs to Shanghai’s PDD Holdings, while Shane was established by Chris Xu, who relocated his headquarters from China to Singapore a few years back. Talks suggest he might move it back to China for an IPO.
- Capcut: Another ByteDance product, this mobile editing tool is aimed at enhancing TikTok video creativity.
- Xiao Hongshu: An alternative to TikTok that’s garnered some attention in the U.S. after TikTok’s venture was launched, also hails from Shanghai.
- Tencent: Located in Shenzhen, this company controls the popular messaging app WeChat and has stakes in various American gaming ventures, such as Epic Games and FromSoftware.
Essentially, many apps and games that American users enjoy have ties to Chinese companies and, by extension, the government.
Warnings about old threats
The FBI’s alert highlighted the risks tied to downloading apps from Chinese firms, bringing up the concern of mass data collection by these companies that may jeopardize privacy through surveillance.
It’s important to remember that while this warning is fresh, foreign apps have always had substantial capabilities for gathering user data. This has prompted both Apple and Google to require “Privacy Nutrition Labels” for all third-party apps in their stores.
How to review an app’s “Privacy Nutrition Label”
To safeguard against invasive data collection, it’s crucial to understand the information an app accesses and how it processes this data. You can usually find this in the “Privacy Nutrition Label” on each app’s page.
Think of these labels like nutrition labels on food—they reveal the hidden details embedded in your favorite apps.
For instance, if you look at TikTok on iOS or Android and scroll down, you’ll find a section called “App Privacy” on iPhones and “Data Safety” on Androids, clearly outlining the data the app collects and how it relates to your identity.
To illustrate, TikTok gathers a considerable amount of personal detail, like location, contact numbers, search and browsing histories, device IDs, and even your usage patterns. All of this data helps shape user profiles and fuels TikTok’s algorithms. While this information is currently stored on U.S. Oracle servers due to a business arrangement, it was previously kept on servers impacted by China’s Communist Party.
How to protect against intrusive apps
The invasive data collection practices are precisely why former President Trump pushed for a deal to store TikTok’s user data in the U.S. Without such measures, China could continue to collect and monetize information on American users for its own gains.
Yet, TikTok is only one of many Chinese apps that can gather personal information without users being fully aware. So what can you do to protect yourself? Here are a few tips:
- Always review apps before downloading. Don’t just install anything. Investigate the app’s terms and privacy policy, and check reviews to ensure the app and its creators are trustworthy.
- Limit app permissions so they access only what’s necessary for functionality. Avoid enabling location, camera, or microphone access unless needed, and refrain from sharing any sensitive information.
- Keep your software updated to fix potential security vulnerabilities and ensure your device is protected.
Ultimately, exercising good judgment is your best line of defense. Only download apps that are essential; otherwise, using a web browser to access services can be a safer alternative.
