Skip to main content
  1. Home
  2. Phones
  3. Android
  4. Apple
  5. Mobile
  6. News

Security researchers warn against using shady VPN Android apps

By

If you’ve ever needed to conduct business over the internet somewhat privately on your phone, a virtual private network — or VPN, for short — is an excellent way to go about it. It’s basically an encrypted third-party middleman that sits between you and the wider internet, protecting your data from prying eyes.

And its practically foolproof — even if a hacker were to penetrate the “tunnel,” so to speak, they would struggle to read the data within. But to use a virtual private network, you need an app, and not all apps are as secure as the virtual private network itself.

Recommended Videos

Security researchers at CSIRO’s Data 61, the University of New South Wales, and UC Berkeley studied 283 VPN apps for Android available from the Google Play Store. A whopping 38 percent of the apps on the Google Play Store that were tested contained some form of malware, adware, trojan, or spyware, while 67 percent featured at least one third-party tracking library. As many as 82 percent requested permissions to access sensitive user data, including text messages and call logs.

The researchers categorized the “worst offenders” — apps with an excessive amount of malware — in a top-ten chart.

And to make matters worse, many fell short of delivering the anonymity they promised. Around 18 percent of the VPN apps didn’t encrypt traffic, and 16 percent routed traffic through other users of the same app rather than a dedicated server. And as many as 66 percent leaked traffic, which the researchers noted could “ease online tracking activities” performed by unscrupulous Wi-Fi hot spot administrators and “surveillance agencies.”

Worryingly, more than 25 percent of the apps received at least a 4-star rating. “According to the number of installs of these apps, millions of users appear to trust VPN apps despite their potential maliciousness. In fact, the high presence of malware activity in VPN apps that our analysis has revealed is worrisome given the ability that these apps already have to inspect and analyze all user’s traffic with the VPN permission,” the researchers wrote.

Ultimately, the survey’s authors recommend “looking before you leap,” in a sense — in other words, researching the VPN apps you’re considering and ensuring they act and behave as advertised. Be especially wary of free apps, they say. Stick to well-known companies that are transparent about their practices. And if an app requests access to sensitive information during the installation process for no good reason, it’s probably best to get rid of it.

Kyle Wiggers
Kyle Wiggers
Former Staff Writer
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Topics
Apple’s next iPad mini could take a big leap in performance and visual experience
Apple's smallest tablet may be on track for its most significant leap yet, combining a next-generation A20 Pro chip with an OLED display.
Person holding the iPad Mini 7.

Apple's next iPad mini could be significantly more powerful than its predecessor, says a MacRumors report. The publication claims that the purported iPad mini could feature Apple's A20 Pro chip, and if you haven't heard its name yet, that's because it is supposed to launch alongside the iPhone 18 Pro models in 2026.

Not too long ago, rumors claimed that the eighth-generation iPad mini will feature the A19 Pro chip, the one powering the iPhone 17 Pro models. While that would also have provided a considerable performance boost over the A17 Pro chip in the current-generation iPad mini, the A20 Pro could be a monumental jump for the iPad mini, giving it enough headroom for several years.

Read more
Instacart may have charged you more for the same groceries and it’s just another case of AI hell
Instacart

A new investigation by Consumer Reports, in collaboration with Groundwork Collaborative and More Perfect Union, suggests that Instacart’s use of artificial intelligence in pricing experiments may have resulted in shoppers paying different amounts for the same groceries.

The findings point to a system where prices can quietly vary between users, even when orders are placed at the same retailer, at the same time, and for identical products. The study tracked over 400 Instacart users across four major U.S. cities and found that the price tag on a carton of eggs or a bag of chips often depended on who was holding the phone.

Read more
Your Pixel could soon get better at avoiding accidental pocket dials
Google appears to have finally addressed an issue that has frustrated Pixel users for years.
Rear shell of Google Pixel 10 Pro.

Google is finally addressing a long-standing issue that has frustrated Pixel users for several years. The company recently marked the accidental touch prevention problem that has been around since the Pixel 6 days as "fixed" in its public bug tracker, indicating that a solution is on the way.

Pixel phone users have long dealt with accidental actions, like unintended calls, apps opening on their own, and the flashlight turning on while the device sits in their pocket. While brands like Samsung and OnePlus offer a built-in accidental touch protection feature that uses the proximity sensor to disable touch input when the device is in a pocket or bag, Google has yet to offer a comparable solution on its Pixel lineup.

Read more