Researchers find that many Android VPNs are security hazards

midian182

midian182

Posts: 9,734   +121
Staff member

Virtual private networks have been popular among computer users for some time, and they’re starting to find their way onto more Android devices as an increasing number of apps, such as photo editor Meitu, harvest user location data. But researchers have found that many of these VPNs are security nightmares.

Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO), along with security researchers from the University of South Wales and UC Berkley, tested 283 VPN apps from Google’s Play Store. The results showed that 38 percent of them contained some form of adware, malvertising, trojan, riskware, or spyware. Additionally, 67 percent featured at least one third-party tracking library and 82 percent request permissions to access sensitive data, including user accounts and text messages.

The VPNs also fell short in other areas: 18 percent of them didn’t encrypt traffic, 16 percent routed it through other users of the same app (rather than using dedicated servers), 84 percent had IPv6 traffic leaks, and 66 percent had DNS leaks.

“Both the lack of strong encryption and traffic leakages can ease online tracking activities performed by inpath middleboxes (e.g., commercial WiFi [Access Points] harvesting user’s data) and by surveillance agencies,” warns the report.

One might imagine that the apps in question are quite unpopular and come with a slew of negative reviews, but this often isn’t the case. “37% of the analyzed VPN apps have more than 500K installs and 25% of them receive at least a 4-star rating,” the researchers write.

The report lists the ten worst VPN apps using an anti-virus (AV) ranking based on the researchers’ findings, though it’s worth noting that OKVpn, EasyVPN, and sFly Network Booster are no longer listed on the Play Store.

Despite the VPNs’ issues, only a small number of users - around one percent - raised concerns in the apps’ reviews. So remember to do your research if you intend on installing an Android VPN, especially if it’s free.

Permalink to story.

https://www.techspot.com/news/67918-researchers-find-number-android-vpns-security-hazards-reveal.html

 
"Only a small number of users - around one percent - raised concerns in the apps’ reviews": it's not like these problems are easy to detect for the average user. I don't use a VPN, but even if I did I really wouldn't know where to start from. It really takes experts to judge how good a VPN is!
 
Fabio Turati said:
"Only a small number of users - around one percent - raised concerns in the apps’ reviews": it's not like these problems are easy to detect for the average user. I don't use a VPN, but even if I did I really wouldn't know where to start from. It really takes experts to judge how good a VPN is!
Click to expand...

Finding a good VPN is tough because most of the review sites are paid shills, just like with anti-malware reviewers. Some of the review sources are actually owned by the companies they promote! I tend to get the most objective info from the big established voices like CNET or Computerworld.
 
Fabio Turati said:
"Only a small number of users - around one percent - raised concerns in the apps’ reviews": it's not like these problems are easy to detect for the average user. I don't use a VPN, but even if I did I really wouldn't know where to start from. It really takes experts to judge how good a VPN is!
Click to expand...
Easy enough actually. AirVPN is the gold standard when it comes to security. ExpressVPN and iVPN are also okayish. NordVPN can be alright too, if ur not too worried about everything being perfct. Mmmm which else..First you gotta find out what you want in a VPN. So for example if you wanna torrent stuff, like from the piratebay for example, then you need a VPN which allows P2P and ideally has no logs either. Average users are average because they cba to do sum reading lulz
 
Is it really surprising that these VPNs are such security risks? They are simply a means of allowing the crook's targets to self-select. Who would be a better person to target than one who thinks they have something they need to hide away?
 
Kunming said:
Fabio Turati said:
"Only a small number of users - around one percent - raised concerns in the apps’ reviews": it's not like these problems are easy to detect for the average user. I don't use a VPN, but even if I did I really wouldn't know where to start from. It really takes experts to judge how good a VPN is!
Click to expand...
Easy enough actually. AirVPN is the gold standard when it comes to security. ExpressVPN and iVPN are also okayish. NordVPN can be alright too, if ur not too worried about everything being perfct. Mmmm which else..First you gotta find out what you want in a VPN. So for example if you wanna torrent stuff, like from the piratebay for example, then you need a VPN which allows P2P and ideally has no logs either. Average users are average because they cba to do sum reading lulz
Click to expand...

Is that a 'recent' opinion of NordVPN? I've been looking into getting a VPN and had just about settled on Nord because they've supposedly improved a great deal and offer 6 simultaneous connections. But that came from review sites, which I don't necessarily trust.
 
I've been using PIA for almost a year now, and even though it fulfills it's role, it's on the slow side lately with top downloads of 2mbps.
 
mbrowne5061 said:
Is that a 'recent' opinion of NordVPN? I've been looking into getting a VPN and had just about settled on Nord because they've supposedly improved a great deal and offer 6 simultaneous connections. But that came from review sites, which I don't necessarily trust.
Click to expand...
Yes. Nord is very fancy. And it'll do the job. But as I try to say, if you want something which is the most secure possible (without saying Nord is *terrible* or anything), then airvpn just beats them all, simply due to their standards. Standards which, on the flipside, can also be restrictive for some. for example, on airvpn only the openvpn protocol is supported, because it's the most secure and the speed is fine too. While on other vpns like nord and pia, they support ones like PPTP and L2TP and IKEV2 etc. Ones which aren't secure in the case of the first 2 and "dubious" in the case of ikev. Many people they like this, because their machines dont support openvpn or whatnot. So its really a matter of what you need/want in a vpn.

so if 6 connection is the selling point for you, then go for it. It just requires tracking. dunno if im allowed to, but you can read one of the user reviews on nord:

https://airvpn.org/topic/18407-hello-airvpn-goodbye-nordvpn-d/?p=44034
(If the mod removes the link, then just go to the airvpn forums>other vpn reviews and read the nord thing if you want. Nordvpn also has forums, which you should check)

so find out what you want in a vpn. If it's just a "netflix vpn" then pick whatever that has a few servers. If its for something really secure and private, then make sure you check all their policies and tech. You want to avoid overselling and too much marketing hype ideally. Dont be afraid of asking for trials and such (do avoid ivacy vpn thuo, its a scam lol)
 
Last edited:
  • Like
Reactions: mbrowne5061
I also use PIA as it got fairly good reviews (I know it's not the best). I agree with Kibaruk that it is quite slow when used on a Windows PC. I don't use it on Android as it slowed my downloads to a crawl or not at all.
 
Capaill said:
I also use PIA as it got fairly good reviews (I know it's not the best). I agree with Kibaruk that it is quite slow when used on a Windows PC. I don't use it on Android as it slowed my downloads to a crawl or not at all.
Click to expand...
I also paid $40 for the whole year, so I'm good with it being a tad bit slow if it fulfills it's role.
 
Capaill said:
I also use PIA as it got fairly good reviews (I know it's not the best). I agree with Kibaruk that it is quite slow when used on a Windows PC. I don't use it on Android as it slowed my downloads to a crawl or not at all.
Click to expand...
PIA is a terrible VPN. The only reason it gets good reviews is because its where all the newbs go. they dunno what to look for, so anything that doesnt cause problems looks good to them, even if the client sucks, leaks all over the place and so on.
 
Kunming said:
Fabio Turati said:
"Only a small number of users - around one percent - raised concerns in the apps’ reviews": it's not like these problems are easy to detect for the average user. I don't use a VPN, but even if I did I really wouldn't know where to start from. It really takes experts to judge how good a VPN is!
Click to expand...
Easy enough actually. AirVPN is the gold standard when it comes to security. ExpressVPN and iVPN are also okayish. NordVPN can be alright too, if ur not too worried about everything being perfct. Mmmm which else..First you gotta find out what you want in a VPN. So for example if you wanna torrent stuff, like from the piratebay for example, then you need a VPN which allows P2P and ideally has no logs either. Average users are average because they cba to do sum reading lulz
Click to expand...

Excellent products are not cheap on the list of VPN's.... add StrongVPN with AirVPN and ExpressVPN, but don't blame an excellent VPN if a problem arises in another area. I have serviced many people who have an old router/modem, a R/M in the wrong place and others who have bad connections in their system.
 
psycros said:
Some of the review sources are actually owned by the companies they promote! I tend to get the most objective info from the big established voices like CNET or Computerworld.
Click to expand...
Unfortunately, I've head stories of CNET downloads being accompanied by "Open Candy", or whatnot.

I can't say if that's true, just hearsay. It would be worth a look from someone other than me, and more familiar with CNET,
 
Makson said:
Excellent products are not cheap on the list of VPN's.... add StrongVPN with AirVPN and ExpressVPN, but don't blame an excellent VPN if a problem arises in another area. I have serviced many people who have an old router/modem, a R/M in the wrong place and others who have bad connections in their system.
Click to expand...
And why do you think strongvpn is good?
 
Strong VPN is excellent, better than good, because it has many servers throughout the world, has a prompt, solid support system and Netflix USA, UK, Singapore, Hong Kong, Canada, BBC UK, & ITV etc; are NOT blocked by Netflix or other media 'producers's, StrongVPN and other 'top-of-the-list VPN's have technicians who have methods of by-passing the blocks because VPN's are not illegal, countries like Australia and their Communications Authority, for some weird reason,want to protect local low-grade, pathetic,weak TV shows and talentless entertainers, and repetitious, stupid TV ads drive people crazy.
 
You must log in or register to reply here.

Similar threads

Daniel Sims
Windows 11 Android support ends next March
Replies
5
Views
169
trents
T
Shawn Knight
Researchers develop self-destructing circuits to defend against attacks, counterfeiting
Replies
13
Views
230
Disiw
D
Shawn Knight
Vast majority of US hospital websites are sharing visitor data with Big Tech companies
Replies
8
Views
118
Dimitrios
Dimitrios

Latest posts

Back