Zoonop

17 VPN Apps Linked to Chinese Military-Tied Firm Remain on Major App Stores

Image for 17 VPN Apps Linked to Chinese Military-Tied Firm Remain on Major App Stores

The Tech Transparency Project (TTP) has revealed that numerous Virtual Private Network (VPN) applications available on Apple's App Store and Google Play Store maintain undisclosed ties to a firm linked to the Chinese military. This finding, initially reported on April 1, 2025, and updated in June, raises significant data privacy and national security concerns for millions of users. The core issue stems from China's national data laws, which could compel these companies to disclose sensitive user information to the Chinese government.

VPNs are designed to protect user privacy by routing internet traffic through secure servers, but their inherent nature means they handle all user online activity. According to Katie Paul, TTP's director, > "When it comes to Chinese-owned VPNs, that means this data can be turned over to the Chinese government based on China’s state laws." Justin Sherman, a nonresident senior fellow at the Atlantic Council, further warned that using a Chinese-owned VPN is "tantamount to handing over one’s browsing history to Beijing."

A central entity in TTP's investigation is Qihoo 360, a Chinese cybersecurity company sanctioned by the U.S. Commerce Department in 2020 due to its alleged ties to the Chinese military. While Qihoo 360 is not listed as a direct developer, TTP's research uncovered connections through shell companies in Singapore, the Cayman Islands, and Hong Kong, such as Lemon Seed and Autumn Breeze. These opaque ownership structures make it difficult for users to discern the true origin of the apps.

Following TTP's initial report, Apple removed some Qihoo 360-linked apps, including Thunder VPN and Snap VPN. However, TTP's latest findings indicate that many others, such as Turbo VPN and VPN Proxy Master, persist on both Apple and Google's platforms. Michelle Kuppersmith, executive director of Campaign for Accountability, questioned this inaction, suggesting that "the large profits Apple and Google make from their app stores have anything to do with this inaction." Some of these apps, like X-VPN, have generated over $10 million in revenue from U.S. users.

The continued availability of these VPNs poses a substantial risk, as China's National Intelligence Law of 2017 mandates that organizations and individuals cooperate with state intelligence work. This could grant Chinese authorities access to sensitive personal and corporate data. Despite Apple's guidelines prohibiting VPN apps from selling or disclosing user data, the legal obligations of Chinese companies create a direct conflict, leaving millions of users unknowingly vulnerable.