Top Free Android VPN Apps are Leaking Your Data, Study Finds

Share on Facebook Tweet Share Reddit Comment
Top Free Android VPN Apps are Leaking Your Data, Study Finds
Highlights
  • A huge number of apps either failed to work or had serious privacy issues
  • Many free VPN apps ask for permissions classified as 'dangerous'
  • Users who truly value their privacy and security should pay for a VPN

More than 25 percent of the 150 most popular free VPNs in the Google Play Store do not adequately protect users' privacy, and up to 85 percent of them open users up to various security vulnerabilities, according to a new study published by VPN reviews and advocacy site Top10VPN.com. The findings have been published in an exhaustive risk index that details each free VPN's real-world performance as well as behaviour, including the permissions they ask for and whether they potentially contain malware. The 150 free VPNs tested have been ranked on the basis of their total install base as reported on the Google Play Store.

The biggest problem identified is DNS leakage, which means that while network traffic such as the contents of Web pages and messages might be encrypted, the VPNs allowed DNS requests to be passed through a device's default configured DNS servers. This would allow a network operator such as an ISP to track the user's online activity, potentially defeating the purpose of the VPN itself.

Beyond that, 66 percent of the apps tested (99 in total) asked for unnecessary permissions that are classified as “dangerous” in official Android developer documentation. 25 percent of apps (38) asked to track location, while 38 percent (57) requested access to personal information on the Android device and a smaller unspecified number wanted to use the device's cameras and microphone or send text messages.

In total, 63 percent of the apps (95) were tagged in the report as featuring functions with the potential for privacy abuse. 18 percent (27) of the apps were flagged for potential viruses or malware when scanned.

The risk index does point out that simply asking for permissions does not mean that an app is malicious, but it is not very conducive to earning user trust. It could be a sign of sloppy practices on the part of the programmers, or it could be in order to help target the advertising that keeps these apps free. The risk index states that none of today's top paid VPN services require such permissions or contain such functions.

Several of the apps could not be fully tested for network security. 14 percent used DNS servers that have been blacklisted and 62 percent led users to blocked TCP ports, causing errors that prevented websites from loading. All of the apps that could be tested did successfully create encrypted VPN tunnels, but several of them did allow DNS leaks without any indication to the user, and two of the apps even leaked the test device's actual IP address, completely defeating the purpose of a VPN.

The top 10 free VPN apps by install base are HotSpotShield Free, SuperVPN, Hi VPN, HotSpotShield Basic, Psiphon Pro, Turbo VPN, VPN Master, Snap VPN, Hola, and Speed VPN, with between 10 million and 50 million users each. None were flagged for malware, but all were flagged for at least one of the core issues: risky permissions, risky functions, or DNS leakage.

Some of the VPN providers responded to Top10VPN.com's findings, and this has been factored into the risk index's findings and expressions of confidence written for each app. The exhaustive report with individual problem reports for each free app can be found here. Users who are concerned about privacy and security are advised that free VPNs might not be a viable option at all.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Jamshed Avari

Jamshed Avari has been working in tech journalism as a writer, editor and reviewer for over 13 years. He has reviewed hundreds of products ranging from smartphones and tablets to PC components and accessories, and has also written guides, feature articles, news and analyses. Going beyond simple ratings and specifications, he digs deep into how emerging products and services affect actual users, and what marks they leave on our cultural landscape. He's happiest when something new comes ...More

Boat Stone 700A Smart Speaker With Built-in Alexa Support Launched in India
Second Woman Carrying Gene-Edited Baby, Chinese Authorities Confirm
Read in: বাংলা
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.