Latest news with #TechTransparencyProject
Forbes
4 hours ago
- Forbes
Delete Every App That's On This List—‘Risks Are Too Great'
You should never use these apps on your phone. Republished on June 28 with new national security warnings over use of these apps. Tens of millions of Android and iPhone users are being warned they have installed free apps that leave them at serious risk. Those users could now be sending their sensitive data to companies under the control of the Chinese government. Earlier this week, I reported on the list of iPhone and Android apps issued by the Tech Transparency Project (TTP). These are all VPNs — virtual private networks. Apps which are meant to make users safer and more secure but are doing the very opposite. 'Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies,' TTP says. It last reported on this threat in April, and now says 'Apple and Google app stores continue to offer private browsing apps that are surreptitiously owned by Chinese companies… six weeks after they were identified.' A raft of warnings now have followed that report, urging users to delete the apps. 'The risks are too great' to keep them on your phone, warns Top10VPNs Simon Migliano. 'In light of these findings, I strongly urge users to avoid Chinese-owned VPNs altogether." For its part, Google says it is "committed to compliance with applicable sanctions and trade compliance laws. When we locate accounts that may violate these laws, our related policies or Terms of Service, we take appropriate action.' While Apple makes similar assurances, and says it enforces App Store rules but does not differentiate its handling of apps by the location of their developers. It does say where VPNs are concerned that data sharing with third parties is prohibited. vpnMentor's Lisa Taylor says this is 'no surprise,' that "China usually uses different methods to gain other countries' citizen's personal information, most of which are often covered behind a legal front.' And that 'free VPNs are perfect cover up to these kind of operations,' often recording user activity even when they say they don't. BeyondTrust's James Maude agrees. 'If you aren't paying for a product, you are the product. These VPN services are a perfect example of the hidden costs of free apps where users seeking more privacy online are potentially unknowingly feeding data to a foreign nation state out of fear their local coffee shop Wi-Fi is spying on them.' While Black Duck's Vijay Dilwale calls TTP's report 'a sobering wake-up call that VPNs, which claim to protect privacy, can pose very serious security risks, especially when their true ownership is hidden. These apps have access to all user traffic, and when handled by Chinese-based entities, the implications are well beyond individual privacy.' TTP reports that all of the VPNs it has identified "are listed as free in the app stores. But during TTP's May spot check, researchers observed that some of the VPNs offered in-app purchases on top of whatever users get with the 'free' app.' This lack of transparency, Taylor told me, 'is one of the main reasons why we do not recommend free VPNs and we are concerned that with all the content restrictions throughout the world, people are flocking to free VPNs.' Migliano says "true internet freedom and privacy depend on transparency and trust. Yet despite being made aware of glaring privacy failures and opaque corporate structures, Google and Apple continue to permit these high-risk apps on their platforms.' There are also some more serious national security concerns that have been raised. The nature of these apps on devices with obscure geographical locations and ownership is a major issue when it comes to those handling sensitive data or making their locations. Cequence Security's Randolph Barr warns 'there's no question Apple and Google can and should do more to mitigate the national security and privacy risks posed by VPN apps with undisclosed foreign ownership, particularly those tied to hostile nation-states.' Which raises a question around an added layer of app store security. 'While they have frameworks in place for data protection and transparency,' Barr told me, 'enforcement is often inconsistent or delayed, especially when developers obscure their true ownership through complex corporate structures. Conducting deeper vetting requires significant legal, technical, and geopolitical effort, something these platforms have been slow to scale.' This leaves a vacuum others may need to fill. Barr suggests the following mitigating actions, and says if they can't be handled at app store level, they must be done by organizations needing to control such risks: Deepwatch's Chad Cragle has issued the same warning. 'When owned by Chinese companies and hidden behind layers of shell companies, it becomes a serious concern. Apple advocates for protecting our privacy, yet these apps are still accessible. Google?' Cragle says 'they often allow nearly any app on their store. It's time for the platforms to take responsibility and set the example. You can't claim to prioritize privacy if you're letting other parties control the playbook. If they don't properly scrutinize these apps, they're not just passively allowing it—they're helping to create the problem. And let's be honest, this isn't just about privacy; it's about national security, too.' Here is the list of apps from TTP's report: Apple App Store: Google Play Store: The Android app vpnify is also in TTP's report, but has now relocated outside China and has contacted TTP to update its information and to be removed from the report.
Forbes
a day ago
- Forbes
Porn Ban Warning For Millions Of iPhone And Android Users
Porn bans are more dangerous than you think. There's a new warning for smartphone users. Free apps with hundreds of millions of installs are now putting users, devices and data at risk. And this problem is about to get worse, with millions more certain to install those apps within weeks as a new porn ban goes into effect, putting more iPhone and Android users in danger. We're talking VPNs and a new report that says many of the top free apps on both Apple's App Store and Google's Play Store are secretly sending data to China. Free VPNs are dangerous, but two events have turned many of these apps into viral blockbusters. The first was the short-lived TikTok ban in the U.S., which saw a VPN surge even if using VPNs did not actually solve the problem — those apps are still on phones today. The second is ongoing and more widespread and is set for a new surge. We're talking porn bans and the age or identity verification checks required to access the world's most popular websites. Multiple U.S. states have now jumped on this bandwagon, resulting in many U.S. users installing VPNs for the first time. As the Tech Transparency Project warns, 'millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies.' And if the political push to introduce a national U.S. porn ban is successful, this will get much worse. VPNs — virtual private networks — route all online traffic to and from a device via a third-party server. The risk is that the wrong type of VPN is more dangerous than no VPN at all. And while users in plenty of places around the world cannot access the free internet without these location and identity masking tools — that's not the case anywhere in the U.S. At least not before these porn bans started to come into effect. But unlike the TikTok ban, VPNs easily bypass porn restrictions, tricking the websites into thinking you're in a different location not subject to any bans or requiring any form of verification. But while it's easy to skirt the rules, you could be putting your device and your data at risk, sending all your traffic to a shady foreign server. Now the U.K. is set to do the same. A month from now — on July 25 — it will mandate the same government approved age verification before users can access porn sites. Per BBC News, 'Pornhub and a number of other major adult websites have confirmed they will introduce enhanced age checks for users from next month. Parent company Aylo says it is bringing in 'government approved age assurance methods' but has not yet revealed how it will require users to prove they are over 18.' The U.K.'s controversial Online Safety Bill will 'bring pornography into line with how we treat adult services in the real world,' say the regulator charged with enforcing the new laws, warning that 'recent research indicated 8% of children aged 8-14 in the UK had visited an online porn site or app over a 28-day period.' Porn is more popular than ever on mobile devices, which are more at risk from free VPNs than other devices. It's all too easy to install a free app from even the official stores without asking how the app is being funded or who operates the service. As BeyondTrust's James Maude told me, 'if you aren't paying for a product, you are the product. These VPN services are a perfect example of the hidden costs of free apps.' The advice on VPNs is simple:
Forbes
2 days ago
- Forbes
Delete Every Free App On This List—‘Risks Are Too Great'
You should never use these apps on your phone. Tens of millions of Android and iPhone users are being warned they have installed free apps that leave them at serious risk. Those users could now be sending their sensitive data to companies under the control of the Chinese government. Earlier this week, I reported on the list of iPhone and Android apps issued by the Tech Transparency Project (TTP). These are all VPNs — virtual private networks. Apps which are meant to make users safer and more secure but are doing the very opposite. 'Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies,' TTP says. It last reported on this threat in April, and now says 'Apple and Google app stores continue to offer private browsing apps that are surreptitiously owned by Chinese companies… six weeks after they were identified.' A raft of warnings now have followed that report, urging users to delete the apps. 'The risks are too great' to keep them on your phone, warns Top10VPNs Simon Migliano. 'In light of these findings, I strongly urge users to avoid Chinese-owned VPNs altogether." For its part, Google says it is "committed to compliance with applicable sanctions and trade compliance laws. When we locate accounts that may violate these laws, our related policies or Terms of Service, we take appropriate action.' While Apple makes similar assurances, and says it enforces App Store rules but does not differentiate its handling of apps by the location of their developers. It does say where VPNs are concerned that data sharing with third parties is prohibited. vpnMentor's Lisa Taylor says this is 'no surprise,' that "China usually uses different methods to gain other countries' citizen's personal information, most of which are often covered behind a legal front.' And that 'free VPNs are perfect cover up to these kind of operations,' often recording user activity even when they say they don't. BeyondTrust's James Maude agrees. 'If you aren't paying for a product, you are the product. These VPN services are a perfect example of the hidden costs of free apps where users seeking more privacy online are potentially unknowingly feeding data to a foreign nation state out of fear their local coffee shop Wi-Fi is spying on them.' While Black Duck's Vijay Dilwale calls TTP's report 'a sobering wake-up call that VPNs, which claim to protect privacy, can pose very serious security risks, especially when their true ownership is hidden. These apps have access to all user traffic, and when handled by Chinese-based entities, the implications are well beyond individual privacy.' TTP reports that all of the VPNs it has identified "are listed as free in the app stores. But during TTP's May spot check, researchers observed that some of the VPNs offered in-app purchases on top of whatever users get with the 'free' app.' This lack of transparency, Taylor told me, 'is one of the main reasons why we do not recommend free VPNs and we are concerned that with all the content restrictions throughout the world, people are flocking to free VPNs.' Migliano says "true internet freedom and privacy depend on transparency and trust. Yet despite being made aware of glaring privacy failures and opaque corporate structures, Google and Apple continue to permit these high-risk apps on their platforms.' Here is the list of apps from TTP's report: Apple App Store: Google Play Store: The Android app vpnify is also in TTP's report, but has now relocated outside China and has contacted TTP to update its information and to be removed from the report.
Forbes
4 days ago
- Forbes
Delete All Apps On Your Phone That Are On This List
Why you need to delete these apps. getty It's one of the most outlandish threats facing smartphone users today. Apps that you think make your phone safer and more secure actually put you, your device and your data at risk. Now a new list has been released of apps you should delete. Your smartphone is already at risk from Chinese attacks. That's where the organized criminal gangs behind the plague of unpaid toll and DMV texts are based, outside the reach of U.S. law enforcement, operating at industrial scale with impunity. Forbes Millions More Windows Users Get Microsoft's Free Upgrade Offer By Zak Doffman And Chinese operators are also behind this new list of dangerous apps. Earlier this year, I reported on the warning that a raft of VPNs were secretly sending user data to China. That came courtesy of the Tech Transparency Project (TTP)'s warning that 'millions of Americans are inadvertently sending their internet traffic to Chinese companies — including several tied to the People's Liberation Army" and one blacklisted by the U.S. Those dangerous VPNs which masked their Chinese ownership could be found on both Apple's App Store and Google's Play Store, operating in something of a grey area and calling into question whether app screening is anywhere near rigorous enough. VPNs route or 'tunnel' all your internet traffic via servers controlled by the VPN operator. This should mask your location and the websites you're accessing from anyone monitoring your local traffic, the VPN server acts as a dead end. But because the VPN receives all your traffic, it is critical that the operator behind the service is trusted and transparent. This is why I advise all users only to use paid VPNs from well-known western brands. No free apps. No Chinese apps. Period. Now TTP is back with a follow-up, a 'spot check' to determine if 'Apple and Google still have a Chinese VPN problem.' TL;DR — yes they do, says the research team. "Apple and Google app stores continue to offer private browsing apps that are surreptitiously owned by Chinese companies," TP warns. 'Chinese-owned VPNs raise serious privacy and security concerns [given] Chinese companies can be forced to share user data with the Chinese government under the country's national security laws." TTP has released a list of '13 China-owned VPN apps identified by TTP that remain available in the Apple App Store' and '11 China-owned VPN apps identified by TTP that are available in the Google Play Store.' Given these are security apps, you should not be using anything Chinese-owned which may send all your data to or even through China — that's very clear-cut. Even if those apps were not masking their ownership, that advice would not change. Here are the apps — if you have any on your phone, you should delete them. Apple App Store: X-VPN - Super VPN & Best Proxy Ostrich VPN - Proxy Master VPN Proxy Master - Super VPN Turbo VPN Private Browser VPNIFY - Unlimited VPN VPN Proxy OvpnSpider WireVPN - Fast VPN & Proxy Now VPN - Best VPN Proxy Speedy Quark VPN - VPN Proxy Best VPN Proxy AppVPN HulaVPN - Best Fast Secure VPN, Wirevpn - Secure & Fast VPN Pearl VPN Google Play Store: Turbo VPN - Secure VPN Proxy VPN Proxy Master - Safer Vpn X-VPN - Private Browser VPN Speedy Quark VPN - VPN Master vpnify - Unlimited VPN Proxy Ostrich VPN - Proxy Unlimited Snap VPN: Super Fast VPN Proxy Signal Secure VPN - Robot VPN VPN Proxy OvpnSpider HulaVPN - Fast Secure VPN VPN Proxy AppVPN Forbes Delete This Message From Apple Or Google—It's An Attack By Zak Doffman There is no suggestion all these apps intercept or monitor user data, albeit that's a clear risk. This warning is based on the nature of VPNs, the geographical location of the developers, China's national security laws and the advice to use blue-chip VPNs. I have reached out to Apple and Google for any comments on the new report.
BBC News
19-06-2025
- Business
- BBC News
Print and shoot: how 3D-printed guns are spreading online
3D-printed guns could become "the weapon of choice" for criminals and violent extremists around the world, an expert has told the BBC. These DIY, untraceable firearms have been recovered in several recent criminal cases, including the alleged use of a partially 3D-printed gun in the killing of United Healthcare CEO Brian Trending has investigated the global spread of 3D-printed guns across social media platforms including Telegram, Facebook and Instagram, as well as websites offering how-to guides. 3D-printed guns, often described as a type of "ghost" gun, are untraceable firearms that can be assembled using a 3D printer, downloadable blueprints and some basic materials. Designed to evade gun-control laws, the technology has advanced rapidly in the last decade, with the latest models capable of firing multiple rounds without their plastic components to Nick Suplina of Everytown, a US-based gun control organisation, 3D-printed guns could become the "weapon of choice" for people planning acts of violence: "The materials have gotten better, the cost has gone down, and the ease of access of these blueprints is at a high," he said. BBC Trending's investigation began with advertisements for guns on Instagram and Facebook. In October 2024, the Tech Transparency Project, a non-profit that monitors technology companies, found hundreds of gun ads - including for 3D-printed and other ghost guns - appearing on Meta's platforms, in violation of its declined to comment on the findings at the time. Several months later, BBC Trending found similar gun adverts still showing as active in Meta's ad database. Many of these gun adverts directed potential customers to Telegram or WhatsApp channels. On Telegram, we found channels displaying a variety of guns for sale. Some of these appeared to be 3D-printed. One Telegram account with over 1,000 subscribers claimed to ship weapons Trending contacted the account, which called itself "Jessy", to confirm whether it would be willing to break the law by shipping 3D-printed guns to the UK. Within an hour, Jessy offered us a Liberator or a Glock switch. A glock switch (also known as an auto sear) is a small, sometimes 3D-printed part that converts a pistol into an automatic Liberator, designed in 2013 by "crypto-anarchist" Cody Wilson, is the world's first widely available 3D-printed gun, capable of firing a single claimed he could smuggle the weapon through UK customs, asked for payment of £160 in bitcoin, then suggested a bank transfer to a UK account we couldn't we later contacted Jessy, identifying ourselves as the BBC, he acknowledged that selling weapons in the UK is illegal but sounded unapologetic."I run my business, sell some straps [slang for weapons] online," he said. We did not proceed with the transaction to test Jessy's claims. While his casual attitude suggested he might have been a scammer, his ability to advertise on Meta and operate on Telegram highlights apparent loopholes that real gun dealers could contacted, Meta told the BBC that the adverts we highlighted had been "automatically disabled in line with our policies", and that inclusion in its ad library "doesn't necessarily mean the ad is still live or visible".Telegram said that Jessy's account had been proactively removed for breaching its policies. A spokesperson added: "The sale of weapons is explicitly forbidden by Telegram's terms of service and is removed whenever discovered. Moderators empowered with custom AI and machine learning tools proactively monitor public parts of the platform and accept reports in order to remove millions of pieces of harmful content each day, including the sale of weapons."Concerningly though, people seeking 3D-printed guns don't need to buy readymade ones through social media. They can assemble their own. Models like the FGC-9 are designed using only 3D-printed plastic and repurposed metal components, with no commercially available gun parts required."You are essentially becoming a DIY gunsmith," says Dr Rajan Basra, a researcher at King's College London. However, "It's not as easy as printing off a sheet of A4 paper in your office printer."As the BBC has previously reported, there are websites offering free step-by-step guides and downloadable blueprints for building 3D-printed such guide was written by Matthew Larosiere, a gun rights attorney in Florida. He's associated with the global pro-3D-printed gun community, which has many members in the USA who see the Second Amendment right to bear arms as a human Trending challenged him about why he is sharing information to help people build a lethal replied: "It's just information. It's ones and zeros. The fact that the information has a use case that makes you uncomfortable, I understand and I sympathise with that, but that doesn't make it correct to say it's anything more than information."Asked about the risk of this "information" being used in a school shooting or massacre, he replied: "I thank God that has not happened." He cited Myanmar as a country where, in his view, 3D-printed guns have served a positive cause. Myanmar is currently the only known case of 3D-printed guns being used in active military conflict. The FGC-9's use by resistance fighters against the junta has been widely as BBC Burmese's Hnin Mo discovered, many of these groups have since stopped using 3D-printed guns. This is despite resistance forces producing hundreds of FGC-9s in 2022 and 2023, which cost over ten times less than machine guns on the black rebel leaders Hnin Mo spoke to cited the junta's tight control over imports of essential materials like glue and metal. Additionally, these groups now have more conventional weapons at their disposal, such as RPGs or machine Myanmar example demonstrates the limitations of current 3D-printed guns for military use. But globally, their spread is clear. Several countries are considering laws to criminalise the possession of blueprints. There are also calls for 3D printer manufacturers to block the printing of gun parts, in the same way that conventional printers restrict the printing of currency. But whether such measures can be effective remains to be reporting by Hnin Mo, BBC Burmese For more on this story:BBC World Service goes inside the world of 3D printed Print and Shoot - the global spread of 3D-printed gunsListen to BBC Trending: Print and shoot: The rise of 3D-printed guns
