cross-posted from: https://lemmy.sdf.org/post/31957116
Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.
TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.
[...]
VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.
However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.
[...]
The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.
[...]
The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.
[...]
How many of these apps are AGPL?
None. The Apple App store straight up disallows AGPL and GPL licensed code on it.
Sometimes people mistake platforms banning or refusing to use A/GPL licensed code as restrictions of the license itself, and that's what they refer to by "The A/GPL is 'restrictive'" — because A/GPL licensed code can't be used on every platform.
More often, only those lying about the AGPL being restrictive are the scammers it protects us from, those taking libre software and turning it into anti-libre software, taking software we do control and turning it into software we do not control. Copyleft libre software licenses like the AGPL defend us from this but all libre software licenses help protect our privacy.
No surprise we get no privacy from software we do not control.
I found this helpful article about what the AGPL is, and how it can be really beneficial- with examples.
Can you provide a source about Apple not letting you distribute GPL licensed code? Or is that basically what this StackOverflow question mentions? I'm just trying to figure out whether Apple's evil here is business as usual, or particularly pernicious.
Here's an older article by the FSF:
https://www.fsf.org/blogs/licensing/more-about-the-app-store-gpl-enforcement
The short version is that Apple applies further restrictions what you can do with apps from the App Store, that conflict with the GPL's explicit requirement that software distributed is freely usable.
Apple is not unique in this, as other locked down app stores, like console app stores have similar issues.
It should also be noted that Apple themselves refuses to use GPL code in MacOS. They used to be using a very outdated bash version (since newer versions were GPL licensed), but it seems they've switched to zsh instead.
Google is similar, in that they have an internal policy to never touch AGPL code — You're not even supposed to install AGPL apps.
Both have the same result for our privacy.
Right, but does that mean GPL-licensed apps are still getting removed left and right from the App Store, and/or that people are self-censoring?
I see VLC (back from the original contention) is still up, though MPL licensed on there (it appears to be GPL on their official website), and I don't touch iOS devices nearly enough to recognize much else. It's been fifteen years.
Not sure but I get the question now.