Popular Free Android VPNs Have Glaring Security Loopholes
It is a spine chilling feeling when you discover something or someone you trust is actually letting you down, behind your back. In an era when cybercrime has spiraled out of proportions and Internet privacy is being compromised, VPNs are being used by millions of people to stay safe.
The web users living in countries with restricted internet access facilities and government censorship resort to VPN apps to bypass the restrictions. Privacy-aware users also use VPN services extensively to stay anonymous online and safeguard their data.
In a shocking revelation, it has been found the same VPN apps you may have trusted blindly for privacy and safety, are capable of leaking your data, stealthily.
The Flaws in Free VPN Apps of Android Exposed
VPN services can be used from computers and there are smartphone apps too. Now that most people use smartphones for internet access, the revelation of android VPN apps leaking sensitive user data has sent shockwaves.
However, the revelation points at the free VPN apps for Android, not the paid ones. Incidentally, these free VPN apps are used by the majority of Android device users.
The Revelation that Shook up Web Users
The research was carried out by Metric Labs’s Simon Migliano. The worrisome fact is these VPN Android applications have already been installed 260 million times approximately! It was published in the form of a risk index to help Android device users understand their risk quotient.
The Internet connection analysis utility of ICSI’s Netalyzr was used to test these VPN apps by Migliano’s team.
As per the findings, over 25% of 150 free VPN apps you can find in Google Play do not safeguard your privacy. The study also shows 85% of such free VPN apps can pave way to the onset of several security vulnerabilities.
These findings display how risky individual VPN apps are and whether they have embedded malware or not.
A number of these free VPN apps for Android were found to be bogged by the menace of DNS leakage. The network traffic remains encrypted, but DNS leak may allow the ISP to snoop into the online activities of the VPN users. Beyond doubt, this defeats the very purpose of using a VPN service!
On top of this, 66% of these free VPN apps were found to be asking for unnecessary permissions and such permission can be termed risky. One-fourth of the apps asked for location tracking and 38 percent requested access to users’ personal data stored on the device.
A small section of these apps also sought permission to use device mic and cameras. What is scarier is the finding, 18 percent of those apps were suspected of containing potential malware. The VPN apps were scanned by Google’s VirusTotal site for detecting malware.
The only thing the tested free VPN apps did correctly was setting up encrypted VPN connections.
What are the Implications for Users of free VPN apps?
No doubt, these findings are scary. This is basically why we always warn against using free VPNs. However, security experts feel not all of the tested apps may not be harmful in real life scenario.
Just because an app is asking for permissions does not always mean it is harmful. It can be part of targeted advertising effort or shoddy practice of programmers making the app. However, the paid VPN apps usually do not have such issues.
While the security issues of these free Android VPN apps may not be very grave, the privacy loopholes and usability issues should not be overlooked.
It is a fact that a section of VPN users use the service because they want to stay anonymous online, for many reasons. Several such apps cause DNS leaks without any notification to their users. Some of these apps use blacklisted DNS servers and blocked TCP ports, which lead to sites failing to load.
So, Upgrading to Paid VPNs will Solve the Woes?
It seems apparent that using paid VPN apps on Android is safer. However, Migliano is not certain if that will resolve the privacy and security issues fully. While the paid VPN apps come with better features and they are likely to offer better privacy, they may not be perfect.
The team did not test paid versions of the tested VPN apps, but they think the core privacy issues may still persist. The core app remains the same even if you buy a subscription package.
If upgrading to the paid VPN apps is not possible, but you still want privacy and online anonymity, sticking to the top free VPN apps is better
While these apps, including the likes of Hotspot Shield Free, Turbo VPN, and SpeedVPN were detected either with DNS Leaks or risky functions and permission, they did not contain any malware.