VPNs are the most common way to bypass geo-limitations and get some added privacy. However, a new survey finds that many free Android VPNs are not encrypted at all, and even leak users' Web traffic.
The survey has been conducted and compiled by security researchers from institutions like the University of California at Berkeley and CSIRO, a federal research agency in Australia. It studied nearly 300 free Android VPNs and found out that majority of them leaked users' Web traffic. The report states that almost 84 percent of VPNs leaked users' Web traffic, 38 percent contained malware or malvertising, and 18 percent apps didn't encrypt data. OkVPN topped in the malware content list, followed by EasyVPN, SuperVPN, Betternet, and CrossVPN.
Three apps - Neopard, DashVPN, and DashNet - were found to directly intercept traffic, however, the developers claimed that it did that to only speed up connections. Narseo Vallina-Rodriguez, a security researcher from IMDEA Networks and ICSI who co-authored the study told The Verge, "To me, the shocking fact was that people trust this kind of technology." If any of these VPNs aren't trustworthy, a lot sensitive content could be exploited. VPNs that do not have encryption are vulnerable to unethical snooping. The ones that contain malware could pose a threat to users' online experience.
However, Vallina-Rodriguez does point out that these security loopholes could just be because of "lack of knowledge" and not malicious reasons. It's worth noting that only free Android VPNs were studied for this report, and there's no research to know that paid apps are void of these loopholes.