FBI Warns iPhone And Android Users—Do Not Install These Apps
Do not install these apps — new FBI warning. Updated on Apr. 5 with new reports into the FBI’s smartphone warning.

It should be obvious — but unfortunately it’s not. Some of the most popular apps you have likely downloaded on your iPhone or Android smartphone are dangerous. And now the FBI is warning U.S. citizens to stop all such installs.

The bureau’s new Public Service Announcement highlights the “data security risks associated with foreign-developed mobile applications (apps) frequently used in the United States; however, these concerns are global. As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China.”

This warning links back to China’s infamous national security laws, which the FBI reminds smartphone users enable “the Chinese government to potentially access mobile app users’ data.” In short, the laws mandate that developers based in China do all they can to support the country’s national security imperatives — including sharing data. It’s the same mandate that plagued TikTok ahead of its U.S. split.

Article 7 of China’s National Intelligence Law says: “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.” Article 14 is more of an issue: “National intelligence work institutions lawfully carrying out intelligence efforts may request that relevant organs, organizations, and citizens provide necessary support, assistance, and cooperation.” These two clauses taken together are often used to define the risks.

The FBI has not provided a list of Chinese apps or those from developers in other high-risk locations. That list would be vast and fluid.
Instead, the bureau has issued guidelines for citizens to follow before installing — or not installing — apps.

Per the New York Post, “the warning could apply to a range of widely used apps developed by Chinese firms — including video-editing platform CapCut, shopping apps like Temu and SHEIN, and social media platforms such as Lemon8 — several of which rank among the most downloaded apps in the United States.”

TechRadar has analyzed the current download charts for both iPhone and Android to highlight the implications of the bureau’s PSA. On Android, the second most popular app is TikTok Lite, “headquartered in Singapore and Los Angeles, but a Chinese app in general,” while Temu in fourth place is “Chinese-built.” TikTok itself is in fifth place, followed by PDF & Launcher for Android from Hong Kong. According to TechRadar, the iOS list “is almost the same, with a few notable differences. It includes a game by Ta Ta Game Technology Limited, an app developer company that does not state where it’s from, at all, as well as a game by a Turkish developer.”

While the Android risk is higher, given sideloading, iPhone users are far from immune to the risks associated with Chinese downloads. The FBI says users should be aware “of what user data these apps request access to upon download.” But in reality, these privacy policies are very rarely checked. That’s why so-called permission abuse is such a nightmare for smartphone users. “When access is permitted by the user, the app can persistently collect data and users’ private information throughout the device.”

The data at risk includes contact lists, which could enable those collecting the data in China or elsewhere to build social graphs. In the wrong hands, these are invaluable to nation-state or mercenary hackers, using a hack on one person to socially engineer hacks on one or more higher-value targets that they know. “Some platforms offer the option to invite friends or contacts to use the apps.
With default permissions, developer companies can store collected data on users’ private information and address books, such as names, e-mail addresses, user IDs, physical addresses, and phone numbers of their stored contacts.”

The FBI also warns that “some of the apps state that the collected data is stored on servers located in China for as long as the developers deem necessary.” And while there may be settings to stop this data sharing, these are little used. “Some apps do not allow the users to operate the platform unless users consent to data sharing.”

While the focus of this new PSA is the threat to user privacy, the bureau also flags the risk that these foreign-developed apps “may also contain malware that could collect data beyond what is authorized by the user. This could include malicious code and hard-to-remove malware designed to exploit known vulnerabilities in various operating systems and insert a backdoor for escalated privileges.”

The FBI’s warning isn’t a blanket instruction to stop downloading any apps from Chinese developers. But before downloading any such apps, users should check carefully to understand the privacy and data collection policies published in the App Store or Play Store, and then avoid installing apps with onerous practices. The advice is to stop installing such apps from outside official stores.

This is a much greater threat to Android than iPhone users, given the openness of the ecosystem and the prevalence of high-risk sideloading. This is why Google is shutting down this risk — to an extent — with blocks on installs from unknown developers at least, many of which will be based overseas. “Official app stores scan for malicious content, lowering the risk of malware or malicious code.”

Instead, users are urged to check each app they install against the bureau’s guidelines below.
Where apps fall foul, users should not install those apps or should delete those already on phones: Do not install apps from anywhere but official stores; Read terms of service or end user license agreements before downloading; Disable unnecessary data sharing; Change and update passwords regularly; and Perform regular device software updates.

This article was originally published on Forbes.com.