Apple and Google are facing scrutiny over the presence of several popular “private browsing” virtual private network (VPN) apps on their respective app stores, operated by a company with ties to Qihoo 360, a Chinese cybersecurity firm blacklisted by the U.S. government.
A report by the Tech Transparency Project (TTP), corroborated by Financial Times findings, reveals that at least five free VPNs – Turbo VPN, VPN Proxy Master, Thunder VPN, Snap VPN, and Signal Secure VPN – are linked to Shanghai-listed Qihoo 360, now known as 360 Security Technology. Qihoo was sanctioned by the U.S. in 2020 for alleged links to the Chinese military.
The TTP report warns that “millions of Americans are inadvertently sending their internet traffic to Chinese companies” via these apps. VPNs, while designed to enhance user privacy and bypass geographical restrictions, grant operators access to users’ internet activity. Chinese national security laws mandate that companies cooperate with state intelligence and share data upon request.
Following inquiries from the Financial Times, Apple removed Thunder VPN and Snap VPN from its App Store. However, other Qihoo-linked apps remain available. According to Sensor Tower estimates, three of these apps have garnered over 1 million downloads on Apple’s App Store and Google’s Play Store combined in 2024.
These VPN apps are operated by Singapore-based Innovative Connecting, owned by Cayman Islands-based Lemon Seed Technology. Qihoo 360 acquired Lemon Seed and related entities in 2020, prior to U.S. sanctions. Qihoo later claimed to have sold these assets, but its Guangzhou-based subsidiary, Guangzhou Lianchuang Technology, which employs the apps’ developers, maintains ties to the company.
Developers at Guangzhou Lianchuang confirmed their work on the VPNs and acknowledged a complex relationship with Qihoo. Recruitment listings indicate the company’s apps have a significant global user base and that they are actively monitoring user data.
Apple and Google have policies that prohibit unauthorized data collection or sharing by VPN apps. However, experts like Matthew Green from Johns Hopkins University highlight the difficulty in enforcing these policies, given the broad access VPNs have to user data.
Apple and Google have responded by stating their commitment to compliance and user safety. Apple emphasized its App Store rules do not restrict app ownership based on nationality, while Google highlighted its efforts to verify VPN app safety. Innovative Connecting declined to comment on the accuracy of the report, while Qihoo and related parties did not respond to requests for comment.
