The FBI just issued its most direct warning yet about the apps sitting on your phone. On March 31, 2026, the bureau's Internet Crime Complaint Center published PSA 260331 - a formal public service announcement telling Americans that millions of the most downloaded apps in US stores are developed by foreign companies, particularly in China, and that their data could be accessed by the Chinese government at any time under the country's national security laws.
This is not a hypothetical. It follows a string of real legal actions, platform restructurings, and government crackdowns in 2026 that have put apps like CapCut, Temu, and SHEIN directly in the crosshairs - and left over 100 million daily users wondering whether their favorite apps will survive the year.
(toc) #title=(Table of Content)
The Core Event: FBI Warning, Lawsuits, and TikTok's Restructuring
The March 31 FBI PSA did not name specific apps, but its language is sweeping. As per IC3 PSA 260331, apps that maintain digital infrastructure in China are subject to China's extensive national security laws - laws that enable the Chinese government to potentially access mobile app users' data. The bureau warned that once a user grants permissions, some apps may persistently collect data from across the entire device, not just within the app itself. This can include full contact lists - names, phone numbers, email addresses, user IDs, and physical addresses of people who never even installed the app.
The warning arrives in the middle of a broader legal and regulatory crackdown that has been building since early 2026.
In February 2026, Texas Attorney General Ken Paxton filed separate lawsuits against both Temu and SHEIN. In the Temu suit, Paxton described the app as "Chinese Communist spyware disguised as a shopping app," alleging it runs dangerous software functions that create backdoor access into users' private data. For SHEIN, the suit alleged the app failed to disclose to users that their personal data could be accessed by the Chinese government under China's national intelligence and cybersecurity laws - an omission Texas called "materially deceptive." Both suits were filed under the Texas Deceptive Trade Practices Act and are ongoing as of April 2026.
Meanwhile, TikTok narrowly avoided a full ban by closing a major ownership restructuring on January 22, 2026. As per TikTok's official announcement, the platform is now operated by TikTok USDS Joint Venture LLC - 80.1% owned by US and international investors including Oracle, Silver Lake, and Abu Dhabi's MGX, with ByteDance retaining a 19.9% minority stake. Oracle is the designated security partner, responsible for auditing compliance, managing US user data, and retraining TikTok's content algorithm on US servers. The joint venture also covers CapCut and Lemon8 under the same security framework.
Why It Matters: Apps Under Scrutiny in 2026
The practical risk is not abstract. As per the FBI's IC3 PSA, apps with China-based infrastructure operate under a legal framework that requires companies to cooperate with Chinese government data requests. Unlike most Western jurisdictions where companies can resist such demands through legal channels, Chinese law offers no equivalent protection for users.
Here is where the most widely used apps currently stand in 2026:
- TikTok: Currently available in the US under the USDS Joint Venture. US user data is now stored in Oracle's US cloud environment. ByteDance has no control over the US algorithm. Still banned on US federal government devices and many state government systems.
- CapCut: Covered under the TikTok USDS Joint Venture as of January 22, 2026. Data governance now falls under Oracle's security framework in the US. However, no formal independent audit has been publicly published as of April 2026.
- Temu: Facing active lawsuit from Texas AG (filed February 19, 2026) for alleged data harvesting and CCP data exposure. The FBI PSA applies directly given the app's Chinese infrastructure.
- SHEIN: Facing active lawsuit from Texas AG (filed February 20, 2026) for deceptive data practices. Added to Texas's Prohibited Technologies List by Governor Abbott in January 2026. Despite moving headquarters to Singapore, the complaint alleges SHEIN remains subject to Chinese law due to its China-based manufacturing and operational ties.
- DeepSeek: Already banned from government devices across Florida, New York, Texas, and other states in early 2026 due to data security concerns.
According to TechRadar's analysis of 2026 US download charts, the second most downloaded Android app is TikTok Lite (China-linked), while Temu ranks fourth. On iOS, the picture is nearly identical. The apps the FBI warned about are not fringe downloads - they are sitting at the top of every US app store chart.
Why Fears Are Rising in 2026
The FBI warning and the legal actions are not happening in isolation. They are part of a coordinated shift in how the US government and individual states are treating foreign-developed apps.
In 2026, Republican lawmakers introduced the Securing Federal Devices from Chinese Applications Act, aimed at blocking CCP-controlled apps from all US government devices. Several states including Florida, New York, and Texas have independently banned DeepSeek and other Chinese AI tools from state systems. The Temu and SHEIN lawsuits from Texas represent the first coordinated state-level effort to use consumer protection law specifically against Chinese app data practices.
The underlying concern, as stated by the FBI, is structural. Chinese national security laws mandate that companies operating in or maintaining infrastructure in China cooperate with government intelligence requests. There is no opt-out, no legal challenge available to the company, and no notification required to the user. As per the IC3 PSA, this creates a risk that is not about individual app behavior - it is about the legal jurisdiction the app operates under.
Context: USA, UK, Canada, and Australia
In the United States, the impact is most acute. Temu alone had over 80 million active US users as of late 2023, with growth continuing through 2025. CapCut has become the dominant free video editing tool for US creators and small businesses. SHEIN generated more than $32 billion in US revenue in 2023. Restrictions or bans on these apps would directly affect everyday consumers, freelance content creators, and small online retailers who have built workflows around them.
In the United Kingdom, the UK National Cyber Security Centre (NCSC) has issued guidance advising government employees to avoid Chinese-developed apps on work devices. The UK has no equivalent of the US divest-or-ban legislation as of April 2026, but regulatory momentum is building, particularly around data localization and app store accountability.
In Canada, the federal government banned TikTok from all government-issued mobile devices in 2023 - a ban that remains in effect in 2026. The Canadian Centre for Cyber Security has flagged the same data sovereignty risks highlighted by the FBI PSA. Canadian consumers using apps like Temu and SHEIN remain exposed to the same data risks affecting US users.
In Australia, the Australian Signals Directorate (ASD) has advised against using foreign-developed apps on government devices for several years. The Australian government's approach to Tier-1 data risk from Chinese apps mirrors US concerns but has not yet resulted in consumer-facing bans. For Australian small business owners and creators using CapCut or Temu in 2026, no formal restrictions apply - but the data risk profile is identical to that of their US counterparts.
Expert Perspective: What Happens Next
The FBI's March 31 PSA is not a ban order. It carries no enforcement weight on its own. But it signals a clear direction: the US government is moving toward treating Chinese-developed apps as a systemic data risk rather than an individual privacy issue.
The TikTok model - a forced restructuring under US-majority ownership with Oracle as a data guardian - is now the established template. The question for 2026 is whether apps like Temu and SHEIN will face similar pressure. Both are currently fighting state-level lawsuits. Neither has an equivalent of TikTok's national security law forcing them to restructure. But legal precedent, FBI warnings, and growing political pressure all point in one direction.
For content creators and freelancers who rely on CapCut for video editing, the January 2026 USDS Joint Venture provides a degree of protection for US users - but the transition is still ongoing, and Oracle's retraining of the algorithm is not yet complete. Creator RPM disruptions have been widely reported since the January handover, and long-term platform behavior under the new ownership remains an open question.
For everyday users, the most important shift is awareness. The FBI is not saying all foreign apps are malicious. It is saying the legal structure governing Chinese apps creates a risk that exists regardless of individual app behavior - and that risk is now a matter of public record.
Key Takeaways
- The FBI issued PSA 260331 on March 31, 2026, warning that Chinese-developed apps can be legally required to share US user data with the Chinese government - covering top-downloaded apps including Temu and SHEIN.
- TikTok and CapCut are now operating under the TikTok USDS Joint Venture LLC (closed January 22, 2026), with Oracle managing US data security and ByteDance holding only a 19.9% minority stake.
- Texas AG Ken Paxton filed active lawsuits against both Temu (February 19) and SHEIN (February 20) in 2026 over alleged CCP-linked data harvesting under the Texas Deceptive Trade Practices Act.
- SHEIN was added to Texas's Prohibited Technologies List in January 2026; DeepSeek is already banned on government devices across multiple US states.
- Users in the US, UK, Canada, and Australia face real data exposure risks from apps maintaining infrastructure in China - regardless of where those apps are headquartered.
Frequently Asked Questions
Is TikTok banned in the US in 2026?
No. TikTok avoided a full ban through the TikTok USDS Joint Venture LLC, which closed on January 22, 2026. The new entity is 80.1% owned by US and international investors, with Oracle managing data security. ByteDance retains a 19.9% minority stake. TikTok remains available to US consumers but is still banned on US federal government devices.
Is CapCut safe to use in 2026?
CapCut is now covered under the TikTok USDS Joint Venture as of January 22, 2026, meaning US user data falls under Oracle's security framework. However, no independent public audit of CapCut's compliance has been published as of April 2026. Non-US users of CapCut remain under ByteDance's standard data governance.
Why did the FBI warn about Temu and SHEIN?
The FBI's March 31, 2026 PSA (IC3 PSA 260331) identified apps maintaining infrastructure in China as subject to Chinese national security laws that allow the government to access user data. Temu and SHEIN both maintain significant operations in China, making them directly relevant to the FBI's warning. Texas AG lawsuits against both apps in February 2026 specifically allege failure to disclose this risk to users.
Can apps collect data even when you are not using them?
Yes, according to the FBI PSA. The bureau warned that once a user grants permissions, some foreign-developed apps can persistently collect data from across the entire device - not just while the app is active. This can include full contact lists, location data, and other information beyond what the app's core function requires.
What should users do to protect themselves from data risks?
As per FBI guidance: download apps only from official stores (Apple App Store or Google Play), read permissions carefully before accepting them, disable data sharing that is not needed for the app's core function, keep your device software up to date, and report suspicious app behavior to IC3 at ic3.gov. For work devices, follow your organization's mobile device policy regarding foreign-developed apps.
Are these apps banned in the UK, Canada, or Australia?
Consumer-facing bans do not currently apply in the UK, Canada, or Australia for apps like Temu and SHEIN. However, TikTok and CapCut are banned on government devices in Canada (since 2023) and are restricted on government devices in the UK and Australia. The data risk profile for everyday users in these countries is identical to that of US users - the difference is in the absence of formal consumer-level enforcement so far.
Related Articles
Final Verdict
The FBI's March 2026 warning is the clearest signal yet that the US government views Chinese-developed apps as a structural data security issue - not a case-by-case privacy concern. TikTok has restructured. CapCut is covered under the same deal. Temu and SHEIN are facing active lawsuits. DeepSeek is already off government devices in multiple states.
The apps are not banned yet. But the legal, regulatory, and law enforcement pressure in 2026 is building toward a framework where using certain foreign apps without understanding the data risks attached to them is no longer a safe default. For the millions of daily users across the US, UK, Canada, and Australia who rely on these platforms, the time to review your permissions - and your alternatives - is now.
Welcome to iTechnoGlobe! Feel free to ask questions. Please avoid using abusive language, hate speech, or spam links. Such comments will be deleted immediately. Lets keep it professional!