When you download an app from the App Store or Play Store, how much research do you do ahead of time? Do you look into who makes the app, and where that company is based? Do you scan the app’s privacy policy to make sure your data is handled responsibly? You might not, but, as it turns out, the FBI wants you to.
The FBI issued a warning last Tuesday concerning “foreign-developer mobile applications (apps).” (Thank you, FBI, for that clarification.) The FBI’s thesis is this: Many of the most popular apps in the U.S. aren’t developed here—instead, they’re often developed and maintained by foreign companies. Now, these discussions can verge dangerously close to xenophobic, especially considering the U.S.’s current administration, but some of the FBI’s concerns are legitimate. The FBI’s chief issue is with the security laws of countries like China, which the FBI says could allow China’s government to access U.S. user data. This was one of the concerns that led to the TikTok ban, and why there is now a majority-U.S. ownership of the platform.
In its PSA, the FBI highlights how some apps will encourage you to invite friends or contacts to use the app as well. The companies behind those apps can then store that contact information, including names, email addresses, phone numbers user IDs, and home addresses. Even if you, personally, don’t use the app, or share your contact info with the app, someone else who does have your contact information may share it themselves. The FBI also points to the privacy policies of some apps, that admit that data is stored in Chinese-based servers for “as long as the developers deem necessary.” Finally, some apps may contain malware that exploits security vulnerabilities in your devices’ operating systems. The FBI highlights that this malware can run programs in the background without your knowledge, designed to steal your data.
What the FBI recommends you do
The PSA walks through a number of steps you can take to protect your data and protect your devices—regardless of whether or not you’re using apps developed out of the U.S. That includes the following:
-
Disabling data sharing whenever you can
-
Downloading apps from official app stores, as opposed to unregulated online marketplaces
-
Change and update your passwords frequently
-
Install updates when they become available
-
Read terms of services and license agreements when downloading apps
The FBI also encourages you to file a report with the IC3 if you believe your data has been compromised.
The FBI’s tips above are actually generally useful, but none is necessarily groundbreaking. These are pretty standard best practices for cybersecurity—though changing your passwords frequently without reason isn’t as widely recommended anymore. Follow these tips, though, and you’ll help protect your data as you engage with the internet.
What do you think so far?
Watch out for shady apps in general, not just “foreign” developers
It’s a bit impractical to ask Americans to abstain from, or even be wary of, foreign-developed apps. Yes, other countries have different security laws than the U.S., but the U.S.’s current laws allow companies to scrape our data for profit. If not, Meta and Google would be hurting for business. The FBI isn’t concerned about American companies having access to Americans’ data, of course; just foreign governments.
I understand the logic, but I don’t think it’s something that you, as an individual American with a smartphone, needs to be all that worried about. Instead, I think your concern should be more general: rather than worry where an app was developed, look into what data that apps wants. It doesn’t matter if the app is American, Chinese, or made by a company based somewhere else: If the app is asking for a whole bunch of data, don’t give it to them without reason. If you’re using a messaging app and want to be able to sync your contacts, that’s one thing; if your meditation app wants your contacts, it’s probably best to deny them.
Malware is definitely of the most biggest points of concern right now, especially as bad actors exploit some major vulnerabilities in platforms like iOS. While issues with malware are highlighted in this PSA, I think that’s where the FBI should be focusing its attention. Downloading an app from a random site on the the internet, or from a dubious listing on the App Store or Play Store, can compromise your device and its data. It doesn’t really matter where the app is from: Doing a bit of research before hitting “install” can protect you from a major headache in the future.
