card

Free Android VPN security flaws: 100 apps tested

06.08.2024
205

A saying goes like this: "If you're not paying for a product, you are the product". This is true as recent research discovered that Google Play Store's top 100 free VPNs have serious security and privacy flaws that affect Android users worldwide. Based on a careful review of these programs, these apps pose a serious risk to users' online security and privacy, with over 2.5 billion downloads worldwide.

Warning discoveries: VPN security testing for Android

VPN encryption failures

Over 10% of the tested VPN apps experienced encryption failures. These ranged from total exposure of internet activity to partial leaks of website visit details.

Leaky VPNs

A staggering 90% of the apps had some form of data leakage. Seventeen of these apps leaked more than just DNS request data, posing substantial privacy threats.

VPN tunnel instability

More than half of the VPNs exhibited signs of instability within their VPN tunnels, compromising secure connections.

Weaker encryption

36% of the VPNs used suboptimal encryption methods. Only 20% employed the strongest available hashing algorithms, making many of these services vulnerable to attacks.

Risky permissions

Almost 70% of the VPN apps requested at least one permission that posed a privacy risk. This included location tracking (20%) and scanning for installed apps (46%).

Proprietary code risks

53% of the VPNs contained functions in their own source code that posed potential privacy risks, paired with matching permissions.

Third-party software libraries

80% of the apps included software libraries with functions and permissions that could endanger user privacy.

Embedded third-party tracking code

84 of the apps contained SDKs from marketing or social media platforms. Sixteen of these apps had 10 or more of these tracking SDKs, significantly increasing the risk of data misuse.

Privacy risks related to device hardware

Nearly a third (32%) of the VPNs declared the use of device features and sensors that raised privacy concerns. This included access to cameras (15 apps) and GPS location-tracking hardware (14 apps).

Third-party data sharing

71 of the VPNs were found to share personal data with third parties like social media platforms and data brokers. This included device fingerprints (37 apps), IP addresses (23 apps), and unique tracking IDs (61 apps).

Suspected malware

19% of the VPN apps were flagged as malware by antivirus scanners, raising severe security concerns.

Discrepancies in data safety labels

93 of the VPNs had inconsistencies between their privacy policies and the data safety labels listed on the Play Store, misleading users about their privacy practices.

Making informed choices

This research highlights the dangers of free VPNs and underscores the importance of choosing a reliable, secure hide VPN service.

Why choose a paid VPN like Hide Expert VPN?

For those seeking a trustworthy VPN, Hide Expert VPN stands out as a top choice. Here are some features of a good paid VPN:

  • Strong encryption
  • Stable connections
  • Minimal data logging
  • Responsive customer support.

Other comprehensive features Include features like kill switches, multi-device support, and access to geo-restricted content.

Choosing a paid VPN like Hide Expert VPN ensures robust protection for your online activities, safeguarding your privacy and security.