FBI Warns Against Foreign-Developed Mobile Apps, Citing Data Security Risks
The **Federal Bureau of Investigation (FBI)** is cautioning U.S. citizens against using mobile applications developed by foreign entities, particularly those originating from China. The bureau cites significant privacy and data security concerns due to these apps' potential to collect extensive user data.

In a public service announcement (PSA) released through its Internet Crime Complaint Center (**IC3**) platform, the **FBI** highlights the risks associated with foreign-developed mobile applications. The warning focuses on the potential for these apps to compromise user privacy and data security.
### Data Collection Concerns
The **FBI** notes that many popular apps in the United States are developed and maintained by foreign companies, especially those based in China. "As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China," the bureau stated in its advisory.
The core concern revolves around China's national security laws, which could grant the Chinese government access to user data collected by these apps. The concern extends to continuous data collection, which can occur even when users grant permissions only while the app is actively in use. Apps may also collect extensive information by default, such as contact details (names, phone numbers, email addresses, user IDs, and physical addresses).
### Data Storage and User Consent
The **FBI** emphasizes that privacy policies often state that collected data, including personal information and system prompts, is stored on servers located in China for as long as the developers deem necessary. Furthermore, some apps require users to consent to data sharing to even use the platform.
### Mitigation Strategies
To safeguard data and privacy, the **FBI** recommends the following steps:
* Turning off unnecessary data sharing permissions.
* Regularly updating device software.
* Downloading verified apps only from official app stores.
While the **FBI** advises changing passwords regularly, security experts generally recommend using a password manager like **Bitwarden** or **1Password** to generate and store strong, unique passwords. Frequent password changes can lead to users choosing weaker, easier-to-remember passwords, making them vulnerable to brute-force attacks.
### Reporting Suspicious Activity
The **FBI** urges individuals who suspect their data has been compromised or who have noticed suspicious activity after installing a foreign-developed mobile app to report the incidents through its **IC3** platform.
### Background Context
This announcement follows China's transfer of operational control of **TikTok's** U.S. business in early 2026 to a majority American-owned joint venture led by **Oracle**, **Silver Lake**, and **MGX**. This move was intended to avoid a potential ban in the U.S. following a 2024 law requiring parent company **ByteDance** to divest the platform due to national security concerns.