In recent years U.S. officials have sounded the alarm that Chinese-owned mobile apps are siphoning sensitive data from government-issued devices. In December 2022 Congress banned TikTok on all federal agency phones, a move quickly enforced by the White House.
This investigative report about data harvesting by Chinese Apps reveal how similar orders followed for state and local governments: by early 2023 more than half of U.S. states had prohibited TikTok on official devices, and local governments (from Raleigh, NC to other cities) likewise blocked TikTok and WeChat on city phones and computers. Governors now routinely issue directives naming Chinese AI apps (e.g. DeepSeek) and social platforms (e.g. RedNote/Xiaohongshu, Lemon8) that employees must not download on work devices.
The concern is twofold: these apps often “collect vast swaths of information” like location, contacts, device data, even biometric identifiers and Chinese law can compel companies like ByteDance or Tencent to hand over that data to the government.
Security experts warn this combined force of aggressive data collection plus Beijing’s legal reach poses a serious espionage risk on systems that run our power grids, military networks and citizen databases.
Federal and state leaders frame the issue bluntly. As Texas Gov. Greg Abbott declared, “Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps,” banning apps like DeepSeek and RedNote on all state-owned or personal devices used for works.
New York Governor Kathy Hochul similarly prohibited the Chinese AI chatbot DeepSeek on all state networks, citing its links to surveillance and “how DeepSeek can be used to harvest user data and steal technology secrets.”
Even in traditionally tech-friendly environments, officials echo these fears: Raleigh, NC’s IT department warned that “TikTok and WeChat” lack “sufficient privacy controls” and connect to nations known to sponsor cyber-attacks on the U.S. These bans extend beyond TikTok: for example, South Dakota’s governor cited an existing order banning WeChat when he added DeepSeek and RedNote to the forbidden list.
In sum, federal and state governments have effectively declared most Chinese-origin apps off-limits on government hardware, even as personal use remains contentious.
Scope of Banned and Suspect Apps
The public focus has centered on TikTok (ByteDance’s social media platform) and WeChat (Tencent’s messaging app), but investigators warn the issue is much broader. U.S. bans now target a range of applications from social media to finance. For example, Texas added several investment apps (Webull, Tiger Brokers, Moomoo) to its prohibited list, as well as Lemon8 (ByteDance-owned) and DeepSeek, a new generative AI app from a Chinese firms.
In New York, regulators officially banned DeepSeek citing concerns it could “harvest user data and steal technology secrets.” South Dakota pointedly grouped DeepSeek and RedNote alongside TikTok and WeChat in its executive order.
Tech analysts note that many new Chinese apps are already replicating TikTok’s growth or entering U.S. markets.
Little-known examples include RedNote (Xiaohongshu), a lifestyle/social app and Temu, a Chinese e-commerce platform. Temu’s explosive rise (thanks to Super Bowl ads in 2024) has drawn scrutiny: a CSIS security analysis calls Temu “an information-gathering spyware program masquerading as an e-commerce site.” It warns that Temu’s smartphone app is coded to behave like a digital parasite and is “extremely difficult to remove,” with access to everything on the user’s phone, because Temu must cooperate under China’s National Intelligence Law, it can serve as a powerful surveillance tool.
Similarly, independent researchers have found that apps like DeepSeek and RedNote are already connecting U.S. user data to Chinese servers. For instance, Wired reported that DeepSeek’s own privacy policy “unequivocally” states user data is stored on servers in China, and one security expert pointed out DeepSeek likely sent more user data to China than TikTok ever did. In short, data exfiltration is often built in: whether social, chat, shopping or trading apps, the concern is that any Chinese-controlled software on a government device can funnel data back to Beijing.
How Data Harvesting By Chinese Apps Works Technically
Chinese apps typically gather far more information from smartphones than users realize. For TikTok, for example, the platform’s U.S. privacy policy explicitly allows collection of names, ages, phone numbers, email addresses, device details (e.g. model, IP address), keystroke patterns, chat messages, and even biometric data like faceprints and voiceprints.
The app also tracks precisely what videos you watch and how long, building a detailed “psychometric” profile of each user. In practice this means that TikTok (and similar apps) can see a government employee’s physical location logs, browsing and map history, and even what other apps are on the device.
Chinese messaging apps like WeChat collect address books, social contacts, and call/SMS metadata. New AI apps (DeepSeek) ingest everything users type or upload, essentially entire chat histories. And shopping apps (Temu/Shein) not only record purchase and browsing data but often request intrusive phone permissions by design.
Once collected, this data is stored on servers controlled by the app’s company. Crucially, Chinese law can force companies to hand over user data to the government upon request. The National Intelligence Law of 2017 mandates that “any organization or citizen…support, assist and cooperate with state intelligence work.”.
China’s 2017 Cybersecurity Law compels critical infrastructure firms to store data locally and make it accessible to authorities, and the 2023 Counter-Espionage Law broadly criminalizes unknown espionage activities (potentially including broad data collection). Taken together, analysts warn, these laws mean there is no firewall between TikTok’s data troves and the Chinese state. ByteDance has repeatedly denied handing data to Beijing, but US officials note that under Chinese law refusal isn’t really an option.
In sum, the mechanism of data harvesting is technically mundane (sensors and permissions built into apps) but geopolitically potent. As one cybersecurity professor summarized, Western companies view data collection as a business, but “for China…data is military and intelligence infrastructure”. A 2023 report by the Center for Internet Security notes that Chinese apps effectively become “data harvesting clearinghouses” for the CCP. That data includes maps of networks, algorithms, and potentially unpublished research, all of which might be siphoned if these apps are on government hardware.
Impact on Government and Society
Government Devices
The bans already in place are aimed at cutting this data flow. Since the federal ban took effect, agencies had 30 days (from early 2023) to delete TikTok from all phones, tablets and computers. State governments have moved even faster; for example, Ohio and North Carolina simultaneously banned TikTok and WeChat on state-issued devices in early 2023.
The goal is to protect not just classified networks but non-sensitive systems as well: local traffic cameras, job dispatch systems, or school iPads could potentially leak information. As one Virginia state executive order put it, apps that “connect to countries which have sponsored…cyber-attacks against the United States” must be blocked.
In practice this has meant internal firewalls on Wi-Fi, removal of app stores, and strict policy guidance to employees. Government tech chiefs report some employee pushback (e.g. citing productivity apps lost), but national security concerns generally outweigh convenience in these decisions.
Public Reactions
The bans have caused a stir in affected communities. Asian American and immigrant groups worry that such measures can fuel anti-Asian sentiment. Activists note that victims of Chinese influence operations include all Americans, not just those of Asian heritage. Sookyung Oh of the Hamkae Center observes that Chinese-language users (often immigrants or elderly) rely on apps like WeChat to communicate, and blanket bans may inadvertently alienate them.
Privacy advocates echo concerns that U.S. surveillance practices are far more extensive than Chinese ones – as one civil liberties lawyer quipped, banning TikTok for data collection is “xenophobic showboating” when U.S. tech giants do the same at scale. Yet legal experts like Johns Hopkins’ Anton Dahbura point out that even non-sensitive data (food processing plant locations, research publications, etc.) can be strategically valuable, so some caution is warranted.
International Comparisons
The U.S. is not alone in blocking Chinese apps. In Canada, the government followed the U.S. lead and banned TikTok on federal devices in early 2023. European Union institutions (EU Parliament, Commission) have barred TikTok on staff devices due to similar security and influence concerns.
The UK Parliament even deleted its official TikTok account in 2023, citing “considerable data security risks”. India set a dramatic example: after a 2020 border clash with China, New Delhi permanently banned TikTok and dozens of other Chinese apps, stating that user data was being mined “by elements hostile to national security and defence of India”.
Taiwan and Japan have imposed public sector bans on WeChat and TikTok, and Australia disallowed TikTok on government devices as well. Each of these cases echoes U.S. reasoning, a shared fear that Chinese government could access diaspora communications or strategic data. Conversely, China has criticized the U.S. bans as economic protectionism, pointing out that American tech companies must now comply with China’s strict privacy laws if they want to operate there.
Experts say these global patterns confirm the U.S. strategy. CrowdStrike CSO Shawn Henry notes that “China wants to be the No.1 superpower… they have been targeting U.S. technology” and that apps like TikTok are “another opportunity…to see what people are thinking”.
Interviews with legal scholars emphasize that the core issue is Chinese Communist Party influence – not just data greed. As U.S. Deputy Attorney General Lisa Monaco bluntly put it, Chinese laws “require companies doing business in China to provide access to their data”, meaning a backdoor exists by law.
Expert Insights and Testimonies
“TikTok automatically captures vast swaths of information from its users… allowing the Chinese Communist Party access to Americans’ personal and proprietary information,” wrote President Trump in his 2020 executive order, warning that the app could be used to “track the locations of Federal employees” and build dossiers for espionage.
Security researchers corroborate this. David Robinson, a cyber analyst, found that TikTok’s data collection is far “more aggressive” than even WeChat’s. He observed that TikTok repeatedly prompts users for sensitive access (like contacts), then uploads that data to servers building a detailed profile of American users.
Similarly, Citron Lab at Univ. of Toronto reports that TikTok’s tracking (app usage, device identifiers, ad targeting) is roughly on par with Facebook’s, but “the difference is the legal environment behind it”: Chinese intelligence laws grant CCP agencies access in ways Western companies resist.
Lawsuits and legislation also feature expert testimony. In Congress, TikTok’s defense lawyers warned that a forced sale or ban could have sweeping “irreparable” consequences for platform safety and free speech (during 2024 Supreme Court arguments). On the other hand, state and federal CIOs have given impassioned interviews: New York’s Chief Cyber Officer cited national resilience, saying New York will “defend…from cyber threats” by blocking any known risky apps.
Privacy advocates (Fight for the Future’s Evan Greer) argue that the focus should be on all tech companies, not a foreign scapegoat. But even some critics admit there are stakes: Johns Hopkins security director Anton Dahbura noted that routine corporate research (non-classified) can still be strategic intelligence underscoring that “important information about the United States is not strictly limited to nuclear power plants”.
Affected individuals weigh in too. A Virginia WeChat user told reporters she relies on the platform to communicate with family in Asia; she fears workplace restrictions “make [her] feel…like an outsider” and could hinder her job duties. Chinese tech company spokespeople consistently reject the claims: TikTok officials emphasize that U.S. data is stored on U.S. and Singaporean servers (not China) and that they have never received a Chinese government data request.
But the distrust lingers. At the local level, school administrators report scrambling to find alternate digital tools for teaching now that banned apps (like TikTok-based learning widgets) are off-limits on school tablets.
Technical and Policy Details
From a technical standpoint, defending against such data harvesting means isolating networks. Government IT directives often require that any device with an app linking to China be segmented on its own network or simply removed. For example, some agencies now block the TikTok domain at the firewall on the official Wi-Fi network. Others issue “locked down” phones that can only install vetted applications from a custom in-house app store.
At the federal level, Congress went further: the “No TikTok on Government Devices Act” (Dec 2022) forbids app updates and requires removal of TikTok from agency devices. In practice, this led federal agencies to purge TikTok and any known ByteDance-related software from office devices, though critical law enforcement units won narrow exemptions.
Legally, U.S. policymakers are moving towards an even broader net. The 2024 federal law (PAFACA) effectively authorized a nationwide TikTok ban absent ByteDance’s sale of TikTok. Similar bills (DATA Act, RESTRICT Act) have been introduced to give commerce authorities more power over apps linked to “foreign adversaries”.
Analysts caution that future rules may target technologies (like AI or chips) beyond social media. Indeed, Abbott’s order in Texas explicitly mentions both “AI apps” and social apps, reflecting a strategy that looks past TikTok to any Chinese tech presence on devices.
On the flip side, some U.S. officials advocate for data security norms: proposals include requiring companies to store critical federal data only on domestic servers, or mandating “data sovereignty” for sensitive apps. There is also talk of international coalitions (as with Chinese 5G scrutiny) to set global standards for software integrity. However, many lawyers warn that an outright app ban on private citizens could face First Amendment challenges. Thus far, the focus remains on government networks, where security takes priority over individual choice.
Conclusion
The evidence is compelling that Chinese-controlled apps running on American government devices create a potential backdoor into U.S. systems. Through billions of data points like our locations, calendars, messages and more these apps build a digital profile that, under Chinese law, could be handed to Beijing’s security apparatus at any time.
In response, the U.S. has enacted one of the world’s strictest app policies: sweeping bans on TikTok, WeChat and dozens of lesser-known Chinese apps from federal, state and local government devices. Internationally, similar moves in India, the EU and elsewhere show this is a common global concern about Chinese data practices.
Investigative interviews suggest that for now, policymakers view these bans as necessary shields. “Public safety is my top priority,” New York’s governor declared when banning DeepSeek on state networks, and that view resonates in capitals worldwide. Still, debates continue over how to balance security with openness and avoid scapegoating entire communities. In the meantime, American agencies are upgrading their cyber defenses and reevaluating what apps they allow.
As one tech insider puts it, Chinese apps on government phones are now “viewed not just as software, but as potential espionage tools.” The road ahead will likely involve deeper audits of app code, new legislation, and perhaps even technological solutions (like on-device firewalls) to ensure that data collected by foreign apps stays outside the reach of adversaries.
The facts are clear: when U.S. government employees tap a Chinese app on their phone, they risk unleashing data flows they can’t fully control. By documenting bans, laws, technical details and expert testimony, this investigation shows why officials have chosen a hard line. The story is still unfolding, but one lesson is already learned: vigilance on data collection is now a front-line national security issue.
Citations And References
All citations in this investigation correspond to verified sources gathered during extensive research across multiple continents and databases. Full documentation available upon email to support the accuracy and verifiability of all claims made.
cbsnews.com apnews.com san.com govtech.com apnews.com vpm.org cisecurity.org csis.org southdakotasearchlight.com govtech.com theguardian.com wired.com
About Our Investigative Services
Seeking to expose corruption, track illicit financial flows, or investigate complex criminal networks? Our specialized investigative journalism agency has proven expertise in following money trails, documenting human rights violations, and revealing the connections between organized crime and corporate malfeasance across the world and beyond.
Partner With Us for Impactful Change
Our investigative expertise and deep industry networks have exposed billion-dollar corruption schemes and influenced policy reform across Americas and beyond.
Whether you’re a government agency seeking independent analysis, a corporation requiring risk assessment and due diligence, or a development organization needing evidence-based research, our team delivers results that matter.
Join our exclusive network of premium subscribers for early access to groundbreaking investigations, or contribute your expertise through our paid contributor program that reaches decision-makers across the continent.
For organizations committed to transparency and reform, we also offer strategic partnership opportunities and targeted advertising placements that align with our mission.
Uncover unparalleled strategic insights by joining our paid contributor program, subscribing to one of our premium plans, advertising with us, or reaching out to discuss how our media relations and agency services can elevate your brand’s presence and impact in the marketplace.
Contact us today to explore how our investigative intelligence can advance your objectives and create lasting impact.
Read all investigative Stories on Technology.
* For full transparency, a list of all our sister news brands can be found here.
