Unsafe VPN Android Apps Threaten Privacy

Some of the most popular VPN apps for Android are dangerous to use, according to a leading review site. The VPN apps, which are supposed to protect privacy, actually expose users to attacks according to VPN Pro.

A VPN, or virtual private network, is meant to be a way to boost privacy online. It works by re-routing traffic through a middle-man server to make it appear that your IP is in another location. When configured properly, the VPN effectively creates a secure online connection that means even though data is going through the Internet, it can't be read by anyone other than the sender and intended recipient - but there are some major caveats to that and this is only true if the sites and services you're using are all using HTTPS.

Many desktop users use VPNs as a way to disguise their location - for example when accessing sites which block certain users from certain areas, or offer different content such as Netflix.ca and Netflix.com. Others use VPNs as a way to evade monitoring by hostile governments. On mobile devices, however, VPNs are most commonly promoted as a form of "protection" when using public WiFi networks. (Source: norton.com)

Related:

• Explained: Do I need a VPN on a Public Network?
• Explained: VPN vs Proxy; What's the Difference?
• Explained: Do I need a VPN? Are VPNs Safe for Online Banking?

Rogue App Has 100 Million Downloads

VPN Pro says it has found 10 popular Android apps which have critical security bugs. The most popular is SuperVPN Free VPN Client, with 100 million installations from the Google Play store. (Source: vpnpro.com)

Others include:

• TapVPN Free VPN (10 million downloads)
• Best Ultimate VPN - Fast Secure Unlimited VPN (5 million downloads)
• Korea VPN - Plugin for OpenVPN (1 million downloads)
• VPN Unblocker Free unlimited Best Anonymous Secure (1 million downloads)
• Super VPN 2019 USA - Free VPN, Unlock Proxy VPN (50,000 downloads)

The list also includes four apps which have recently been removed from the Google Play store, but may still be widely used:

• Wuma VPN-Pro (Fast & Unlimited & Security)
• VPN Download: Top, Quick & Unblock Sites
• Secure VPN-Fast VPN Free & Unlimited VPN
• Power VPN Free VPN

Man-In-The-Middle Is Malicious

Most of the security problems were similar to that rather spectacular one in SuperVPN. Although it claims to transmit encrypted data, it does so with the decryption key easily readable, which means that the encrypted data can be decrypted.

This effectively allows for a "man-in-the-middle" attack, which in simple terms means an attacker can intercept and redirect data from a VPN to a fake website or service that looks like the intended destination. The attacker will then be able to view all the data being sent to and from the user in a completely stealth manner.

VPN Pro says it can't be certain whether the vulnerabilities are deliberate with the app developers trying to access private data, or if they are just badly designed. However, it does suspect some of the developers have manipulated the Google Play rankings algorithms.

According to VPN Pro, anyone thinking of getting a VPN app should check who is actually behind it, where it's based, and what permissions the app asks for.

What's Your Opinion?

Do you use a VPN? If so, how did you vet it to make sure it was legit? Is it simply too risky to trust free software?