Apple users of free virtual private networks, or VPNs, may be exposing sensitive data to the Chinese government, as a report by the Tech Transparency Project (TTP) shows that several popular VPN applications continue to operate despite being identified as secretly owned by Chinese entities. The report raises security concerns, as Beijing’s strict information-sharing laws convert apps into potential data goldmines for China’s intelligence agencies. Some of these applications are linked to companies identified by the U.S. as Chinese military firms.
To date, 13 apps from the April 2025 report continue to operate on Apple’s App Store. In some cases, companies have changed the name of identified apps, added new VPNs to the App Store, or offered additional applications. At least 11 also continue to operate on Google’s Android store. As of September 2025, Chinese VPNs available on the Apple App Store include:
X-VPN – Super VPN & Best Proxy
Ostrich VPN – Proxy Master
VPN Proxy Master – Super VPN
Turbo VPN Private Browser
VPNIFY – Unlimited VPN
VPN Proxy OvpnSpider
WireVPN – Fast VPN & Proxy
Now VPN – Best VPN Proxy
Speedy Quark VPN – VPN Proxy
Best VPN Proxy AppVPN
iSharkVPN – Secure & Fast VPN (formerly Wirevpn – Secure & Fast VPN)
Pearl VPN
HulaVPN Pro – Fast Secure VPN
Wiresocks – Secure & Privacy
Chinese-owned VPNs pose a significant threat to users. While Apple and Google have acknowledged the risks, TTP’s reporting shows a major gap in the tech industry’s security practices. Fortunately, consumers can protect themselves by taking several steps when choosing a VPN provider.
To gauge the level of risk these applications pose, you must first understand how they work. Virtual Private Networks mask users’ IP addresses by rerouting their connection through an outside network rather than their internet provider. These tunneled connections are encrypted, so prying eyes can’t access certain security-critical information. Although VPNs don’t guarantee user anonymity, they are a useful tool for security-conscious consumers. Despite their benefits, if a VPN isn’t secure, it can pose serious risks.
For instance, VPNs have unfettered access to a user’s connection, enabling them to potentially track IP addresses, locations, browsing history, and even payment details. Chinese-owned VPNs, in particular, pose significant risks to users’ privacy because Beijing’s compulsory data-sharing laws compel companies to grant their government access to all their user data upon request. The risk of the Chinese government pilfering American data has been at the forefront of U.S. lawmakers’ minds, with legislators attempting to force the sales of popular Chinese-owned applications like TikTok and Grindr. The Biden administration even banned Chinese tech giant Huawei from selling telecommunication equipment.
But VPNs can be even more worrisome due to their high level of access, potentially transforming them into playgrounds for a Chinese cyberwarfare apparatus that continues to target private citizens. China’s Salt Typhoon hacking operation, for example, reportedly gave Beijing unprecedented access to American telecommunications companies, potentially exposing every American to the scheme. VPNs and other consumer applications, for their part, have become an increasingly effective means for China to achieve its cyber geopolitical goals, epitomizing a cybersecurity paradigm that increasingly places consumers at the intersection of cybercrime, geopolitics, and intelligence gathering.
The TTP first broke the story in April 2025, identifying several firms that secretly routed user traffic through Chinese companies. A joint initiative composed of journalists, policymakers, and academics, the organization found that over 20% of the App Store’s top 100 free VPNs fell under this description. The apps used offshore shell companies, foreign proxies, and complex ownership structures to conceal their ultimate identity and location, stretching across global jurisdictions, including the United Kingdom, Belize, Belarus, Singapore, and the Cayman Islands. The connection to Chinese firms — and the data-sharing rules imposed on them — may violate Apple’s app guidelines prohibiting VPNs from selling or disclosing user data to third parties.
As of April 2025, these apps had been downloaded more than 70 million times in the U.S. One case study is particularly enlightening, as several top VPNs were found to be owned by Qihoo 360, a U.S.-sanctioned security provider. Qihoo 360 used a series of foreign-registered companies and proxies to obscure its ownership of several major free VPNs, including VPN Proxy Master, Turbo VPN, Thunder VPN, Snap VPN, and Signal Secure VPN. At least one of these companies, TurboVPN, marketed itself on Meta-owned social media platforms, further entangling the sanctioned company with major Western tech companies.
Although all the apps in the report are free to download, several include in-app purchases and paid subscriptions, meaning that Apple could be profiting from the scheme. For reference, Apple typically takes between 15% and 30% of revenue from in-app purchases. This could have significant implications for apps controlled by sanctioned firms like Qihoo 360.
Apple hasn’t been consistent in policing Chinese VPNs. While Apple has pulled several applications from its store, including two owned by Qihoo 360, at least 13 of the initial 20+ VPNs continue to operate. In addition to the identified VPNs, several developers offer additional apps, including “lite” versions of their VPNs.
One app, Wirevpn – Fast VPN, exemplifies these continued operations. Earlier this year, the VPN changed its name to iSharkVPN – Secure & Fast VPN, using the same name and logo as another VPN service whose website has been active since 2023. The new app retains the same reviews, description, and developer information as its original namesake. Both iShark’s website and the newly minted app list ROCKET NETWORK TECHNOLOGY CO., LTD as the copyright holder and seller, respectively. A deep dive reveals that ROCKET NETWORK TECHNOLOGY CO., LTD. is owned by Zhihua Sheng, a Chinese national residing in China. As noted by TTP, a different app with a similar moniker to iShark’s previous namesake, WireVPN – Fast VPN & Proxy, shared an identical privacy policy.
Interestingly, WireVPN’s developer, WEILAI NETWORK TECHNOLOGY CO., LIMITED, is also owned by a Chinese resident named Zhihua Sheng, who shares the same birthday as the previously mentioned owner. WEILAI NETWORK TECHNOLOGY also offers a previously unreported VPN application, Wiresocks – Secure & Privacy, on the Apple App Store. Both WEILAI and ROCKET NETWORK are listed as dormant companies with £100 of assets, likely indicating their status as shell companies.
Stakeholders have called for Apple to mitigate the risks posed by applications on its store, citing inconsistent enforcement actions and shallow vetting processes that burden consumers with protecting their own information. Unfortunately, VPNs are uniquely difficult to police, especially because Apple doesn’t restrict apps based on country of origin. And while Apple has shuttered VPNs in the past, the persistence of these applications paints a troubling picture for consumers.
This is not to say that VPNs are inherently dangerous. In fact, VPNs are helpful tools for protecting user identities when surfing the web on unsecure or public networks. However, many industry professionals caution against trusting free VPNs. As James Maude of BeyondTrust noted in an interview with Forbes, free VPNs come with “hidden costs”, warning, “If you aren’t paying for a product, you are the product.”
Experts instruct consumers to consider several factors when choosing a VPN. Users should carefully research a VPN before subscribing. As highlighted by this case, a company’s jurisdiction is critical, as it defines the legal protection users are ultimately subject to. Determining this may be difficult, however, as the ultimate owners of free VPNs are often obfuscated. Users should also review the app’s permissions to gauge the types of information an application will access. No-log policies that prohibit the storing of browsing and network data are critical features to consider. Additional security tools like kill switches, encryption tools, and secure protocols are valuable.