The Federal Bureau of Investigation (FBI) has warned iPhone and Android users about potential risks linked to some widely used mobile apps, saying personal data could be collected and stored overseas — even if users have never installed such apps themselves. In an announcement, the agency said foreign-developed apps, particularly those linked to China, may access large amounts of data once permissions are granted. This includes not just user data, but also information from contact lists.In its warning, the FBI also listed possible warning signs that an app may be collecting more data than expected. These include unusual battery drain, higher data usage, or suspicious account activity after installing an app.
Popular apps under scanner
While the FBI did not name specific apps, the warning is believed to apply to several popular platforms developed overseas. Analysts say this could include apps like Shein, CapCut, Temu and Lemon8, which are widely used in the United States.The agency said such apps may continue collecting data even when they are not actively being used.“The app can persistently collect data and users’ private information throughout the device, not just within the app or while the app is active,” the FBI added.
Data risk extends beyond users
The FBI said even people who do not use such apps could be affected. If a friend or family member gives an app access to their contacts, details like names, phone numbers and email addresses could still be collected.“Developer companies can store collected data on users’ private information and address books, such as names, e-mail addresses, user IDs, physical addresses, and phone numbers of their stored contacts,” the FBI said.
What users should do
The agency advised users to be cautious while downloading apps and to limit unnecessary permissions. It also recommended downloading apps only from official app stores and regularly reviewing app permissions.Additionally, users were warned against installing apps from third-party websites, as they may contain malware designed to access personal data.
