08 Feb Many Android VPN Apps Contain Malware Or Exploitable Weaknesses
If you’re like many seasoned ‘Netizins, you probably rely on some type of VPN to help ensure your digital privacy. Unfortunately, based on research conducted by Simon Migliano, you could very well be wasting your time.
Mr. Migliano is the head of research at Metric Labs and is a respected name in the industry.
He and his team have conducted an extensive survey of the top 150 VPN Android apps on Google’s Play Store, and the results are depressing to say the least. A full twenty percent of those apps have been flagged as potential sources of malware, and more than a quarter of them have deal-breaking privacy bugs including DNS leaks. Those leaks expose user DNS queries to their ISPs.
Perhaps most troubling of all, however, is the fact that taken together, these problematic apps have been downloaded more than 260 million times. That means there are legions of people who probably think they are secure, who simply aren’t.
Granted, some of the issues Migliano’s team found were relatively minor. Many of the apps in question are guilty of asking for highly aggressive permissions, which give the app (and the company controlling it) more information than they need about you. This includes how, when and where you use your device. Even so, of the top ten free VPN apps currently available on the Play Store, seven of them have DNS leaks, including popular titles like:
- Super VPN
- Hi VPN
- Turbo VPN
- VPN Master
- Snap VPN
In fact, of the top ten, the only app tested that had neither VPN leaks nor risky functions was Hotspot Shield Basic. It’s worth keeping the name of that app in mind if you are currently using something else, and it may be worth your time to make the switch.
Kudos to Migliano’s team for their diligent research!