Consumers should throw away their Chinese phones and avoid buying new ones, Lithuania’s Defence Ministry has warned.
A report by its National Cyber Security Centre tested 5G mobiles from Chinese manufacturers.
Researchers identified that one Xiaomi phone had built-in censorship tools while another Huawei model could be vulnerable to cyber-attacks.
Huawei said no user data is sent externally.
"Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible," said Defence Deputy Minister Margiris Abukevicius.
Xiaomi’s flagship Mi 10T 5G phone was found to have software that could detect and censor terms including “Free Tibet”, "Long live Taiwan independence" or "democracy movement", the report said.
It highlighted more than 449 terms that could be censored by the Xiaomi phone's system apps, including the default internet browser.
In Europe, this capability had been switched off on these models, but the report argued it could be remotely activated at any time.
Xiaomi has not responded to the BBC's request for comment.
The research also found the Xiaomi device was transferring encrypted phone usage data to a server in Singapore.
"This is important not only to Lithuania but to all countries which use Xiaomi equipment," the Centre said.
The smartphone maker has soared in popularity with affordable models, seeing a 64% rise in revenue in its second quarter compared to a year earlier.
The report also highlighted a flaw in Huawei’s P40 5G phone, which put users at risk of cyber-security breaches.
“The official Huawei application store AppGallery directs users to third-party e-stores where some of the applications have been assessed by anti-virus programs as malicious or infected with viruses,” a joint statement by the Lithuanian Ministry of Defence and its National Cyber Security Centre said.
The BBC is not responsible for the content of external sites.View original tweet on Twitter
A Huawei spokesman told the BBC it abides by the laws and regulations of the countries where it operates, and prioritises cyber-security and privacy.
“Data is never processed outside the Huawei device,” he added.
“AppGallery only collects and processes the data necessary to allow its customers to search, install and manage third-party apps, in the same way as other app stores.”
Huawei also performs security checks to ensure the user only downloads “apps which are safe,” he said.
A further 5G model by OnePlus was also examined by the team, but was found to have no issues.
The report comes as tensions between Lithuania and China are rising.
Last month, China demanded that Lithuania remove its ambassador from Beijing and said it would withdraw its envoy from Vilnius.
The row began when Taiwan announced its missions in Lithuania would be called the Taiwanese Representative Office.
Other Taiwanese embassies in Europe and the United States use the name of the country's capital city, Taipei, to avoid a reference to the island itself, which China claims as its own territory.