Critics, including Michelle Kuppersmith from Campaign for Accountability, argue that Apple is failing to uphold its privacy commitments by allowing these potentially dangerous apps on its platform, highlighting a disconnect between the company's marketing and its app vetting processes.

Research indicates that up to 20% of popular free VPNs are owned by Chinese companies, often obscured by offshore shell corporations, further complicating the landscape of digital privacy.

While Apple has removed some implicated apps, the status of others with significant user bases remains uncertain, highlighting ongoing concerns about app vetting and user safety.

This situation reflects ongoing tensions between the US and China regarding technology and cybersecurity, as well as the challenges tech companies face in navigating government regulations.

Despite the alarming findings, all five identified Qihoo 360 VPNs remain available on the App Store as of April 2025, indicating a lack of decisive action from Apple.

The presence of these apps in major app stores illustrates the challenges of regulating software that poses national security risks.

These VPNs are believed to facilitate internet censorship and surveillance, which could compromise user data and privacy.

Under Chinese national security laws, companies are required to hand over user data to the government, adding to the risks associated with using these VPNs.

Users are reminded that free VPN services often come with hidden costs, such as data monetization, which underscores the need for caution when selecting a VPN.

Although Apple's guidelines prohibit data sharing with third parties, these regulations appear to be overlooked in light of Chinese laws governing user data.

A recent investigation by the Tech Transparency Project, in collaboration with the Financial Times, has uncovered that at least five VPN apps available on major app stores are linked to the Chinese military, raising significant privacy concerns.

Experts advise users to select VPNs developed by reputable Western companies, preferably paid services with established privacy policies, to mitigate risks.