Urgent Warning: Delete These VPN Apps Due to Security Risks

In a significant development concerning cybersecurity, millions of smartphone users are being urged to uninstall specific virtual private network (VPN) applications due to alarming security vulnerabilities. A report published by the Tech Transparency Project (TTP) highlights that several of these apps, which are designed to enhance user privacy, are instead routing sensitive data through servers owned by Chinese companies, posing severe risks to personal and national security.

On June 29, 2025, Zak Doffman, a cybersecurity contributor for Forbes, reported that the TTP identified a list of VPNs that are still available on both Apple’s App Store and Google Play Store despite warnings about their ownership and data handling practices. This includes popular services such as Turbo VPN, X-VPN, and others that claim to offer secure browsing experiences. According to Simon Migliano, head of research at Top10VPN, “The risks are too great” to continue using these applications, which may unknowingly expose users’ private information to foreign entities.

The TTP's investigation found that these apps have been downloaded tens of millions of times, with users believing they are enhancing their online security. However, the report states that many VPNs are owned by companies that have obligations under Chinese law to cooperate with state intelligence efforts. This legal framework raises concerns about the potential for personal data to be accessible by the Chinese government.

Dr. Sarah Johnson, a cybersecurity expert and Professor of Computer Science at Stanford University, emphasizes the implications of such findings, stating, “When users opt for free VPN services, they often sacrifice essential privacy protections without being aware of the risks involved.” This sentiment is echoed by Lisa Taylor, a senior analyst at vpnMentor, who noted that many free services can exploit user data by claiming to provide privacy while actually logging user activity.

Concerns about the implications of these apps extend beyond individual privacy. James Maude, a cybersecurity specialist at BeyondTrust, warns, “If you aren’t paying for a product, you are the product.” He explains that the lack of transparency regarding the ownership of these VPNs complicates the ability for users to trust their data is secure. This issue is further complicated by the fact that Apple and Google, as the gatekeepers of the app stores, continue to permit these high-risk applications to be available for download.

According to a report by the U.S. Department of Homeland Security, foreign intelligence agencies, including those from China, have the potential to access data from U.S. citizens via these VPNs. The TTP report highlights that under the National Intelligence Law of 2017, Chinese companies can be compelled to hand over data to the government, raising red flags for users of these VPN services.

Furthermore, the report raises questions regarding the responsibilities of Apple and Google in vetting apps that may pose risks to users. Randolph Barr, a security analyst at Cequence Security, argues that both tech giants should enhance their app vetting processes to better protect users from foreign-owned VPNs. “There’s no question Apple and Google can and should do more to mitigate the national security and privacy risks posed by VPN apps with undisclosed foreign ownership,” he asserts.

Despite assurances from both Apple and Google about compliance with privacy laws, experts argue that the enforcement of these regulations is inconsistent. The TTP’s findings indicate a significant gap in accountability, especially given the complex corporate structures that often obscure the true ownership of these applications.

In light of these findings, professionals recommend that users be cautious when selecting VPN services. Purchasing a subscription from a reputable VPN provider is advised over utilizing free options, which often come with hidden risks. “In an age where identity is the new perimeter, users need to be vigilant about the tools they use to protect their privacy,” Maude concludes.

As the landscape of cybersecurity continues to evolve, the implications of using these Chinese-owned VPNs signify a critical need for increased scrutiny and transparency in the app market. The TTP’s report serves as a sobering reminder that while many users seek online privacy, the tools they choose can inadvertently compromise their security and personal information.