Consumers should throw away their Chinese phones and avoid buying new ones, Lithuania’s Defence Ministry has warned.
A report by its National Cyber Security Centre tested 5G mobiles from Chinese manufacturers.
It claimed that one Xiaomi phone had built-in censorship tools while another Huawei model had security flaws.
Huawei said no user data is sent externally and Xiaomi said it does not censor communications.
"Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible," said Defence Deputy Minister Margiris Abukevicius.
Xiaomi’s flagship Mi 10T 5G phone was found to have software that could detect and censor terms including “Free Tibet”, "Long live Taiwan independence" or "democracy movement", the report said.
It highlighted more than 449 terms that could be censored by the Xiaomi phone's system apps, including the default internet browser.
In Europe, this capability had been switched off on these models, but the report argued it could be remotely activated at any time.
"Xiaomi's devices do not censor communications to or from its users," a spokeswoman told the BBC. "Xiaomi has never and will never restrict or block any personal behaviours of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software."
The firm is fully GDPR compliant, she added.
The research also found the Xiaomi device was transferring encrypted phone usage data to a server in Singapore.
"This is important not only to Lithuania but to all countries which use Xiaomi equipment," the Centre said.
The smartphone maker has soared in popularity with affordable models, seeing a 64% rise in revenue in its second quarter compared to a year earlier.
The report also highlighted a flaw in Huawei’s P40 5G phone, which put users at risk of cyber-security breaches.
“The official Huawei application store AppGallery directs users to third-party e-stores where some of the applications have been assessed by anti-virus programs as malicious or infected with viruses,” a joint statement by the Lithuanian Ministry of Defence and its National Cyber Security Centre said.
A Huawei spokesman told the BBC it abides by the laws and regulations of the countries where it operates, and prioritises cyber-security and privacy.
“Data is never processed outside the Huawei device,” he added.
“AppGallery only collects and processes the data necessary to allow its customers to search, install and manage third-party apps, in the same way as other app stores.”
Huawei also performs security checks to ensure the user only downloads “apps which are safe,” he said.
A further 5G model by OnePlus was also examined by the team, but was found to have no issues.
The report comes as tensions between Lithuania and China are rising.
Last month, China demanded that Lithuania remove its ambassador from Beijing and said it would withdraw its envoy from Vilnius.
The row began when Taiwan announced its missions in Lithuania would be called the Taiwanese Representative Office.
Other Taiwanese embassies in Europe and the United States use the name of the country's capital city, Taipei, to avoid a reference to the island itself, which China claims as its own territory.