SecureMac, Inc.

Checklist 418: VPNs, the App Store, and the Chinese Army

April 4, 2025

VPNs in app stores aren’t always safe—some are tied to China’s military. Free isn’t always better. Research before you trust.

VPNs, the App Store, and the Chinese Army

Checklist 418: VPNs, the App Store, and the Chinese Army

AI-Powered VPN Advice Isn’t Always the Whole Truth, Experts Warn

As AI-driven assistants like DuckDuckGo’s new feature begin offering cybersecurity advice, experts caution users not to take responses about VPNs at face value. A recent discussion raised concerns that while AI-generated answers can accurately define virtual private networks (VPNs), they often gloss over critical nuances — including the trustworthiness of the VPN provider itself.

What AI Says — and What It Misses

DuckDuckGo’s assistant offered a textbook definition of a VPN: “a service that creates a secure, encrypted connection over the internet between your device and a remote server.” The information was reportedly sourced from Microsoft and NordVPN — a respected name in the industry.

But while the technical explanation is sound, it paints an overly rosy picture. As noted in the podcast discussion, “a VPN is only as trustworthy as the company or organization behind it.” Well-known providers like TunnelBear, NordVPN, ExpressVPN, and ProtonVPN are generally regarded as safe — but the discussion emphasized this trust is provisional, based on current public knowledge.

The Facebook VPN Debacle: A Cautionary Tale

The podcast revisited a striking example of misplaced trust: Facebook’s now-defunct VPN service, Onavo. Originally developed by a mobile analytics startup acquired by Facebook in 2013, Onavo was marketed as a way to protect user activity. However, a 2018 CNET report revealed that the app served as a data collection tool for Facebook.

According to CNET, users unknowingly permitted Onavo — and thus Facebook — to monitor their activity across apps. The app’s App Store listing openly disclosed that Facebook used this data to “improve its products and services” and identify new consumer trends.

This controversial practice underscored a key point: the presence of “VPN” in a product name doesn’t guarantee privacy.

The Logging Myth and VPN Reality

Citing How-To Geek, the discussion also tackled common misconceptions about VPNs — especially the myth that VPNs don’t collect data. While many claim to be “no-log” services, the reality is more complex. Due to the nature of internet connections, VPNs must log some data, at least temporarily. The real question is how long they retain this information and what they do with it.

Tom’s Guide was also referenced, explaining that VPNs reroute traffic through their own servers rather than those of your ISP, creating a private tunnel. This setup is meant to block prying eyes — including hackers, ISPs, and government agencies — but that only holds true if the VPN provider isn’t itself acting as a “nosy third party.”

Modern Risks in a Misleading App Ecosystem

Today’s AI tools still describe VPNs as universally secure, failing to account for historic breaches of trust like Facebook’s. Meanwhile, questionable VPNs continue to surface in app marketplaces — a trend that makes user vigilance more critical than ever.

Chinese Military-Linked VPNs Found in Apple’s App Store, Reports Say

An alarming investigation reveals that Apple’s App Store hosted multiple VPN apps tied to a company affiliated with the Chinese military, raising serious national security and privacy concerns. Reports from AppleInsider, 9to5Mac, and the Financial Times, drawing on findings by the Tech Transparency Project, have highlighted a disturbing oversight in app store vetting practices — particularly for software designed to protect user privacy.

The Illusion of Security: What VPNs Claim to Do

Virtual Private Networks (VPNs) are widely promoted as tools to protect internet users from surveillance, data collection, and malicious interception. As described in the reports, VPNs are designed to guard against “man-in-the-middle attacks using fake public Wi-Fi hotspots,” and ensure that ISPs and mobile carriers can’t track browsing behavior.

But, as these same sources warn, “VPNs are only as trustworthy as the companies behind them.” And in this case, some of those companies are now raising red flags at the highest levels.

One in Five Top VPNs in the App Store Owned by Chinese Firms

The Tech Transparency Project, with support from the Financial Times, analyzed the top 100 free VPN apps in Apple’s U.S. App Store in 2024. Their research found that:

  • 20% were owned by Chinese companies
  • At least five were directly tied to Qihoo 360, a firm labeled by the U.S. Defense Department as a “Chinese Military Company”

Qihoo 360 is no stranger to U.S. scrutiny. According to AppleInsider, the company:

  • Was identified in a 2015 article in the China Daily as serving the People’s Liberation Army and eight government ministries
  • Was sanctioned by the U.S. in 2020 for posing a “significant risk” to national security
  • Is currently on the U.S. Commerce Department’s Entity List, limiting its access to U.S. exports

This means that millions of users who believed they were safeguarding their privacy may have been unwittingly routing their web traffic through infrastructure tied to a foreign military power.

VPNs in Question: The Five Named Apps

The five VPN apps identified with known links to Qihoo 360 are:

  • Turbo VPN
  • VPN Proxy Master
  • Thunder VPN
  • Snap VPN
  • Signal Secure VPN (not affiliated with the Signal messaging app)

The issue isn’t exclusive to Apple — these apps are reportedly available on the Google Play Store as well. But as the podcast points out, the presence of such apps on Apple’s tightly controlled platform comes as a greater surprise: “We expect more from Apple, don’t we?”

Still Available — Despite the Findings

Despite public reporting and the sensitive national security implications, not all of the flagged VPNs have been removed. As of the last 24 hours, three — Turbo VPN, VPN Proxy Master, and Thunder VPN — were still available on the App Store. Only Snap VPN and Signal Secure VPN appeared to be delisted.

This continued availability raises critical questions about Apple’s app review and compliance process, especially given the platform’s historically strict control over privacy and security standards.

Free VPNs, Chinese Military Ties, and the Limits of Apple’s “Walled Garden”

Amidst an era of relentless global headlines, revelations that Apple’s App Store hosted VPNs with ties to China’s military might have slipped under the radar — but experts warn, the implications for digital privacy are too important to ignore.

The Illusion of Safety in the App Store

The latest discussion from a privacy-focused podcast challenges a common consumer assumption: if it’s in the App Store, it must be safe. Unfortunately, recent findings contradict that belief. While Apple’s App Store is one of the most tightly controlled digital marketplaces, its security is not infallible. As the podcast points out, “the walls around Apple’s walled garden aren’t magic.”

The presence of VPN apps with links to Qihoo 360, a company identified by the U.S. government as affiliated with the Chinese military, reveals the vulnerabilities of app store oversight. The story, based on investigative work by the Tech Transparency Project and the Financial Times, was first covered by AppleInsider and 9to5Mac.

Choosing a VPN: Cost vs. Credibility

So how can users make safer VPN choices? According to the podcast, the answer lies in balancing purpose, reputation, and cost. Referencing a Tom’s Guide article on VPN functionality, the podcast highlights that not all VPNs are created equal — some specialize in digital privacy, others in streaming access or ease of use.

The VPNs discovered in the App Store controversy were part of a survey of the top 100 free VPNs — and it’s the “free” part that may have lured users in. However, TechRadar warns in a related piece that free VPNs typically come with serious drawbacks:

  • Limited server access
  • Slower speeds due to overcrowding
  • Strict data caps

Still, not all free VPNs are malicious or useless. TechRadar, PCMag, Tom’s Guide, PCWorld, and ZDNet each maintain carefully curated lists of free VPNs they consider reasonably safe — though not necessarily ideal. The advice is clear: pay if you can — and if you must go free, do your homework.

The Real Takeaway: Trust but Verify

The podcast delivers a passionate plea: “Don’t just take the first free thing in the App Store. We beg you.” Whether free or paid, a VPN is only as trustworthy as the people behind it. Cost alone is not a guarantee of integrity, and a glossy app listing doesn’t equal a clean privacy record.

Users are encouraged to:

  • Seek multiple sources when choosing a VPN
  • Research provider reputations and user experiences
  • Understand the trade-offs between cost, speed, and privacy
Filed under Security News, The Checklist Podcast by SecureMac

Latest Security News

Get the latest security news and deals