Latest news with #Qihoo360
Tom's Guide
4 days ago
- Business
- Tom's Guide
VPNs with Chinese military links still available on Google Play and Apple App Store 2 months after being discovered
Back in April, an investigation found several potentially dangerous VPNs listed on the Apple App Store and Google Play Store. The discovery didn't concern any of the best VPNs – these providers are reputable and safe – but over 20 VPNs were found to have links to the Chinese military and posed a risk to anyone who downloaded them. The Tech Transparency Project (TPP) was behind the investigation, with the Financial Times also contributing to the report. Two months later, the TPP has found that many of these dangerous VPN apps remain on app stores – and Apple and Google may even be profiting from these apps that put the data of Americans, and national security, at risk. The true ownership of these VPNs is deliberately confusing. Layers of offshore shell companies obscure the actual owners and hide their Chinese links. The company Qihoo 360 was revealed as the owner of at least five apps. Qihoo 360 has previously been declared a "Chinese Military Company" and was sanctioned by the US in 2020. Turbo VPN, VPN Proxy Master, Thunder VPN, Snap VPN, and Signal Secure VPN were at least five of the VPNs that were connected to Qihoo 360. Qihoo 360 is not listed as the app's developer, but the TPP's earlier investigation traced app ownership back to the company. The TPP reported that Thunder VPN and Snap VPN had been removed from the US Apple App Store, but Tom's Guide saw Thunder VPN listed. In its new update, the TPP reported that Thunder VPN had now been removed, along with Signal Secure VPN. However, at the time of writing, Tom's Guide found that Thunder VPN was still present on both the UK and US Apple App Store, along with Turbo VPN and VPN Proxy Master. The TPP reported that 11 other Chinese-linked VPNs also remained on the Apple App Store. These VPNs were: X-VPN, Ostrich VPN, VPNIFY, VPN Proxy OvpnSpider, WireVPN, Now VPN, Speedy Quark VPN, Best VPN Proxy AppVPN, HulaVPN, Wirevpn, and Pearl VPN. The TPP reported that Turbo VPN, VPN Proxy Master, Snap VPN, and Signal Secure VPN were all found on the US Google Play Store, as well as seven other Chinese-linked VPNs. These were: X-VPN, Speedy Quark VPN, vpnify, Ostrich VPN, VPN Proxy OvpnSpider, HulaVPN, and VPN Proxy AppVPN. Tom's Guide also confirmed that at the time of writing Turbo VPN, Thunder VPN, VPN Proxy Master, Signal Secure VPN were all present on the US Google Play Store. But it also confirmed that Snap VPN was present, contrary to what the TPP found. Chinese data laws mean the government can demand companies share data with them. The absence of a verified no-logs policy results in copious amounts of user data being collected and stored by these VPNs. Data can include IP addresses, browsing activity, device identifiers, and location. The sharing of this data with the Chinese government can pose a serious risk to Americans and, in the worst case, a US national security risk. Currently there is no evidence to suggest a serious threat, but how much American data has been accessed is unknown. The fact collection can take place, and potentially be exploited, is a cause for concern. It isn't just Chinese-owned VPNs that are a threat. There are numerous dangerous and fake VPNs out there – owned and operated by countries all over the world. US-based big tech giants, such as Apple and Google, have equally poor privacy credentials. They collect data from millions of Americans and are more than happy to pass it on to governments. All the VPNs discussed are free to download, but many offer in-app purchases and provide the option to upgrade to premium plans. Subscriptions can be taken out by the user and this means Apple and Google could be taking a cut of any in-app purchases made. Apple states that it takes a 30% cut of in-app purchases (15% for those enrolled in its small business program). Google charges 15% for sales up to $1 million and 30% for anything above that. Apple's App Review Guidelines say "apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy." Google Play also has a VPN app policy which states a VPN service cannot be used to "collect personal and sensitive user data without prominent disclosure and consent." Tom's Guide approached both Apple and Google for comment. A Google spokesperson said: "Google is committed to compliance with applicable sanctions and trade compliance laws." "When we locate accounts that may violate these laws, our related policies or Terms of Service, we take appropriate action." "Google Play is committed to protecting user privacy and providing a safe and secure environment for our users." "Apps that are deceptive, malicious, or intended to abuse or misuse any network, device, or personal data are strictly prohibited." Apple told us it doesn't limit an app's ownership and it has strict guidelines for VPN app developers. It said VPN apps must clearly state what user data is collected, if any, and how it will be used. No data must be disclosed to third parties, and developers must commit to this in their privacy policies. Apple said that it is in full compliance with regulations and the law. If it finds a developer breaking any rules, action will be taken against them. Two months after first highlighting the dangers of these apps, we can continue to advise you to stay away from them. Despite being popular, these VPNs should not be downloaded or used. Every VPN we recommend on Tom's Guide is reputable, safe, and won't put your data at risk. We look for, and analyze, no-logs policies to ensure they don't collect, store, and share your data. Verified no-logs policies are a must-have for the leading and most secure VPNs, and Windscribe's recent court case showed just how important they are. You shouldn't always trust the number of app store downloads or reviews a VPN app has and our range of guides can help you make an informed VPN decision. Not all free VPNs are dangerous. The best free VPNs will protect your data with the same level of encryption as their paid counterparts and are covered by the same no-logs policies. We'd also recommend a paid VPN over a free one. But if a free VPN is all you can manage, the providers we recommend will protect you and your online activity. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Economic Times
13-06-2025
- Economic Times
Your VPN might be spying for China: Watchdog flags 17 apps with hidden ties on Apple and Google stores
A new report by the Technology Transparency Project warns that 17 VPN apps, available on major app stores, may be secretly linked to Qihoo 360, a Chinese cybersecurity firm under U.S. sanctions. Experts fear user data could be accessed by Chinese authorities under China's broad surveillance laws. Tired of too many ads? Remove Ads How are these VPNs tied to China? Why is Qihoo 360 a concern? Tired of too many ads? Remove Ads Which VPN apps were flagged earlier? What are Apple and Google doing about it? Tired of too many ads? Remove Ads FAQs Think your VPN is keeping you anonymous? Think again. A major watchdog report just revealed that 17 popular VPN apps available on Apple and Google stores might be quietly handing over your data with links pointing straight to to a report released on Thursday by the Technology Transparency Project, the firm involved may have discreet links to China, where the government can monitor all user report claims that 17 apps, six from Apple's App Store, four from Google Play Store, and seven from both, have hidden connections to China, as quoted in a report by NBC News.A new report by the Technology Transparency Project warns that 17 VPN apps, available on major app stores, may be secretly linked to Qihoo 360 , a Chinese cybersecurity firm under U.S. 360 is a firm sanctioned by the U.S. Commerce Department in 2020 for potential links to the Chinese military. While the apps don't explicitly name Qihoo, corporate filings and company records suggest they are operated by shell companies acquired by Qihoo in 2019, as per a are mainly utilized to safeguard a user's privacy by complicating a website's ability to identify its visitors, or to bypass censorship restrictions. However, if a VPN provider does not implement substantial measures to automatically and permanently erase its users' search histories, it is probable that the company will retain logs of its clients' online is especially significant if the company is Chinese, since national legislation requires that intelligence and law enforcement agencies can access any personal data stored there without a Katie Paul explained that VPNs carry unique risks since they reroute all of a user's internet activity through their servers. If those servers are controlled or accessed by Chinese-linked firms, it means user data, including sensitive work information and browsing habits, could end up in Beijing's Sherman, a senior fellow at the Atlantic Council focusing on data privacy, informed that utilizing a VPN owned by China would be equivalent to surrendering one's browsing history to Beijing, as per a report by NBC News. Experts fear user data could be accessed by Chinese authorities under China's broad surveillance TTP, a technology-oriented branch of the Campaign for Accountability, an investigative nonprofit aimed at uncovering "corruption, negligence, and unethical conduct," released a report on Chinese VPN applications on April 1. TTP reports that several of the VPNs are indirectly tied to Qihoo applications are all virtual private networks, or VPNs, enabling a user to route their internet traffic through a company's internet service. Names such as VPNify, Ostrich VPN, and Now VPN do not explicitly indicate any connections to China or Chinese ownership in the app Qihoo 360 isn't listed as the direct developer, many apps are operated by entities like Lemon Seed, Autumn Breeze, and Innovative Connecting all tied to Qihoo via Chinese and Cayman Islands quickly removed three apps purportedly connected to Qihoo 360: Thunder VPN, Snap VPN, and Signal Secure VPN. Turbo VPN and VPN Proxy Master, both accessible on the Google Play Store, along with three additional options provided by Google, remain availableThe findings raise important questions about who really controls these "free" VPN services and what happens to your data when you trust the wrong if it logs your data and shares it with third parties especially if it's tied to governments with wide surveillance all, but many free VPNs have vague ownership and poor privacy policies. Always research the company behind the app.
Time of India
12-06-2025
- Business
- Time of India
VPN apps spying for China: Your VPN might be spying for China: Watchdog flags 17 apps with hidden ties on Apple and Google stores
How are these VPNs tied to China? Why is Qihoo 360 a concern? ADVERTISEMENT Which VPN apps were flagged earlier? ADVERTISEMENT ADVERTISEMENT What are Apple and Google doing about it? FAQs Think your VPN is keeping you anonymous? Think again. A major watchdog report just revealed that 17 popular VPN apps available on Apple and Google stores might be quietly handing over your data with links pointing straight to to a report released on Thursday by the Technology Transparency Project, the firm involved may have discreet links to China, where the government can monitor all user report claims that 17 apps, six from Apple's App Store, four from Google Play Store, and seven from both, have hidden connections to China, as quoted in a report by NBC News.A new report by the Technology Transparency Project warns that 17 VPN apps, available on major app stores, may be secretly linked to Qihoo 360 , a Chinese cybersecurity firm under U.S. 360 is a firm sanctioned by the U.S. Commerce Department in 2020 for potential links to the Chinese military. While the apps don't explicitly name Qihoo, corporate filings and company records suggest they are operated by shell companies acquired by Qihoo in 2019, as per a are mainly utilized to safeguard a user's privacy by complicating a website's ability to identify its visitors, or to bypass censorship restrictions. However, if a VPN provider does not implement substantial measures to automatically and permanently erase its users' search histories, it is probable that the company will retain logs of its clients' online is especially significant if the company is Chinese, since national legislation requires that intelligence and law enforcement agencies can access any personal data stored there without a Katie Paul explained that VPNs carry unique risks since they reroute all of a user's internet activity through their servers. If those servers are controlled or accessed by Chinese-linked firms, it means user data, including sensitive work information and browsing habits, could end up in Beijing's Sherman, a senior fellow at the Atlantic Council focusing on data privacy, informed that utilizing a VPN owned by China would be equivalent to surrendering one's browsing history to Beijing, as per a report by NBC News. Experts fear user data could be accessed by Chinese authorities under China's broad surveillance TTP, a technology-oriented branch of the Campaign for Accountability, an investigative nonprofit aimed at uncovering "corruption, negligence, and unethical conduct," released a report on Chinese VPN applications on April 1. TTP reports that several of the VPNs are indirectly tied to Qihoo applications are all virtual private networks, or VPNs, enabling a user to route their internet traffic through a company's internet service. Names such as VPNify, Ostrich VPN, and Now VPN do not explicitly indicate any connections to China or Chinese ownership in the app Qihoo 360 isn't listed as the direct developer, many apps are operated by entities like Lemon Seed, Autumn Breeze, and Innovative Connecting all tied to Qihoo via Chinese and Cayman Islands quickly removed three apps purportedly connected to Qihoo 360: Thunder VPN, Snap VPN, and Signal Secure VPN. Turbo VPN and VPN Proxy Master, both accessible on the Google Play Store, along with three additional options provided by Google, remain availableThe findings raise important questions about who really controls these "free" VPN services and what happens to your data when you trust the wrong if it logs your data and shares it with third parties especially if it's tied to governments with wide surveillance all, but many free VPNs have vague ownership and poor privacy policies. Always research the company behind the app.
Time of India
12-06-2025
- Time of India
Your VPN might be spying for China: Watchdog flags 17 apps with hidden ties on Apple and Google stores
A new report by the Technology Transparency Project warns that 17 VPN apps, available on major app stores, may be secretly linked to Qihoo 360, a Chinese cybersecurity firm under U.S. sanctions. Experts fear user data could be accessed by Chinese authorities under China's broad surveillance laws. Tired of too many ads? Remove Ads How are these VPNs tied to China? Why is Qihoo 360 a concern? Tired of too many ads? Remove Ads Which VPN apps were flagged earlier? What are Apple and Google doing about it? Tired of too many ads? Remove Ads FAQs Think your VPN is keeping you anonymous? Think again. A major watchdog report just revealed that 17 popular VPN apps available on Apple and Google stores might be quietly handing over your data with links pointing straight to to a report released on Thursday by the Technology Transparency Project, the firm involved may have discreet links to China, where the government can monitor all user report claims that 17 apps, six from Apple's App Store, four from Google Play Store, and seven from both, have hidden connections to China, as quoted in a report by NBC News.A new report by the Technology Transparency Project warns that 17 VPN apps, available on major app stores, may be secretly linked to Qihoo 360 , a Chinese cybersecurity firm under U.S. 360 is a firm sanctioned by the U.S. Commerce Department in 2020 for potential links to the Chinese military. While the apps don't explicitly name Qihoo, corporate filings and company records suggest they are operated by shell companies acquired by Qihoo in 2019, as per a are mainly utilized to safeguard a user's privacy by complicating a website's ability to identify its visitors, or to bypass censorship restrictions. However, if a VPN provider does not implement substantial measures to automatically and permanently erase its users' search histories, it is probable that the company will retain logs of its clients' online is especially significant if the company is Chinese, since national legislation requires that intelligence and law enforcement agencies can access any personal data stored there without a Katie Paul explained that VPNs carry unique risks since they reroute all of a user's internet activity through their servers. If those servers are controlled or accessed by Chinese-linked firms, it means user data, including sensitive work information and browsing habits, could end up in Beijing's Sherman, a senior fellow at the Atlantic Council focusing on data privacy, informed that utilizing a VPN owned by China would be equivalent to surrendering one's browsing history to Beijing, as per a report by NBC News. Experts fear user data could be accessed by Chinese authorities under China's broad surveillance TTP, a technology-oriented branch of the Campaign for Accountability, an investigative nonprofit aimed at uncovering "corruption, negligence, and unethical conduct," released a report on Chinese VPN applications on April 1. TTP reports that several of the VPNs are indirectly tied to Qihoo applications are all virtual private networks, or VPNs, enabling a user to route their internet traffic through a company's internet service. Names such as VPNify, Ostrich VPN, and Now VPN do not explicitly indicate any connections to China or Chinese ownership in the app Qihoo 360 isn't listed as the direct developer, many apps are operated by entities like Lemon Seed, Autumn Breeze, and Innovative Connecting all tied to Qihoo via Chinese and Cayman Islands quickly removed three apps purportedly connected to Qihoo 360: Thunder VPN, Snap VPN, and Signal Secure VPN. Turbo VPN and VPN Proxy Master, both accessible on the Google Play Store, along with three additional options provided by Google, remain availableThe findings raise important questions about who really controls these "free" VPN services and what happens to your data when you trust the wrong if it logs your data and shares it with third parties especially if it's tied to governments with wide surveillance all, but many free VPNs have vague ownership and poor privacy policies. Always research the company behind the app.
Yahoo
12-06-2025
- Business
- Yahoo
Your VPN could be giving your browsing data to China, watchdog says
Using a free app to hide your internet traffic? The company behind it could be quietly tied to China, where the government maintains the ability to surveil all user data, according to a report published Thursday by the Technology Transparency Project. The report accuses 17 Apps — six on Apple's App Store, four on the Google Play Store and seven on both — of having undisclosed ties to China. In several cases, the TTP linked the app developers to a prominent Chinese cybersecurity company, Qihoo 360, which is under U.S. government sanctions. The apps are all virtual private networks, or VPNs, which allow a user to divert their internet traffic through a company's internet connection. With names like VPNify, Ostrich VPN and Now VPN, none of them make overt references to China or Chinese ownership on the app stores. VPNs are primarily used to either protect a user's privacy by making it harder for a website to know who's visiting them, or to skirt around censorship measures. But unless a VPN company takes significant steps to automatically and permanently delete its users' search histories, a company is likely to keep records of its customers' internet activity. That is particularly notable if the company is Chinese, as national law there stipulates that intelligence and law enforcement agencies do not need a warrant to view any personal data that is stored there. 'VPNs are of particular concern because anyone using a VPN has the entirety of their online activity routed through that application,' said Katie Paul, the TTP's director. 'When it comes to Chinese-owned VPNs, that means this data can be turned over to the Chinese government based on China's state laws,' Paul said. Justin Sherman, a nonresident senior fellow at the Atlantic Council who studies data privacy, told NBC News that using a Chinese-owned VPN would be tantamount to handing over one's browsing history to Beijing. 'Capturing data via a VPN could let the Chinese government see everything from websites a person is reading that criticize the Chinese state, to the corporate databases and private portals that person might pull up (and then log into) on the internet for work,' he said. The TTP, a tech-focused arm of the Campaign for Accountability, an investigative nonprofit that seeks to expose 'corruption, negligence, and unethical behavior,' previously published a report on Chinese VPN apps on April 1. Apple soon took down three of the apps with alleged ties to Qihoo 360: Thunder VPN, Snap VPN and Signal Secure VPN. The other apps — Turbo VPN and VPN Proxy Master, which are also available on the Google Play Store, as well as three others that Google offers — are all still available. None of the apps are listed as being developed directly by Qihoo 360. Instead, they are developed by Singapore-based companies including Lemon Seed, Lemon Clove, Autumn Breeze and Innovative Connecting. The TTP cited business filings in China that show Qihoo 360 saying it had acquired those companies in 2019, and Corporate registration documents for those companies in the Cayman Islands from March that all list the director as a Chinese citizen who is a top Qihoo 360 employee. NBC News reached out to developers listed for the 17 apps. Only two claimed not to have ties to China or Qihoo 360. Autumn Breeze, the developer of Snap VPN, which Apple previously removed but is still available on the Google Play store, told TTP it has "no affiliation with Qihoo 360" despite those registration documents, and claims it does not "record, monitor, or retain any user online activity." "Autumn Breeze fails to explain clear connections to the sanctioned PLA-linked entity that are detailed in publicly available documents," Paul told NBC News. The other is WireVPN, where an employee claimed in an email to NBC News that the company is 'an independent service' with 'no ties to Chinese entities or government organizations.' 'We are neither affiliated with Qihoo 360 nor any other PRC-based enterprises, and our operations are entirely autonomous,' the employee said. However, WireVPN's privacy policy makes clear that users are expected to adhere to Chinese law and bans them from 'Violating the basic principles established by the Chinese Constitution' and 'Violating the traditional virtues of the Chinese nation, social morality, rational morality, and socialist spiritual civilization.' Qihoo 360 didn't respond to a request for comment. But China Daily, a state-run newspaper, has reported that its cybersecurity clients include the Chinese military and 'at least eight ministries' of the Chinese government. In a 2016 press release, the company seemed to indicate it was in the VPN business, saying 'Qihoo 360 also provides users with secure access points to the Internet via its market leading web browsers and application stores.' Both Apple and Google declined to address the specific apps that TTP highlighted as tied to Qihoo 360 and told NBC News that they follow U.S. laws regarding sanctions. Neither bans VPN app developers simply for following Chinese law. Peter Micek, general counsel at Access Now, a tech policy and human rights advocacy nonprofit, told NBC News that he was surprised to see the tech companies had potentially overlooked a sanctioned company offering apps under innocuous developer names. 'It seems like this project has done the homework and due diligence that Apple and Google should have done, and it does seem like those ties would constitute indirect contact with, transactions with folks who are sanctioned,' he said. Tech companies can sometimes face significant fines for violating sanctions, Micek said. Sanctions are put in place by the federal government as a penalty on foreign entities and individuals, preventing U.S. companies and individuals from doing business with them. They are often imposed after a foreign entity or individual is shown to have conducted some sort of condemned behavior or have links to condemned groups, such as cybercriminals or terrorist organizations. Qihoo 360 faced sanctions from the Commerce Department in 2020, which said the company could become involved in supplying materials to the Chinese military. The sanctions prevent American companies from exporting technology or software to Qihoo 360. It's not clear if app stores hosting apps tied to Qihoo could be in violation of those sanctions. The Commerce Department did not respond to a request for comment. This article was originally published on
