Skip to main content
  1. Home
  2. Phones
  3. News

Your free mobile VPN is a privacy disaster. Go figure

Android's free VPNs are somehow worse than you expected

Add as a preferred source on Google
VPN
VPN Unsplash

The free VPN app you downloaded for your Android phone might be doing more harm than good. A recent large-scale audit of free Android VPN apps has shared some worrisome findings that justify some healthy suspicion. Researchers found these apps leaking traffic, sending identifying information to third parties, and basically the opposite of what a VPN is supposed to do.

The study comes from researchers at the University of Michigan, the University of New Mexico and IIT Delhi. Their findings were presented at the Network and Distributed System Security Symposium 2026 alongside MVPNalyzer, a framework designed to audit mobile VPN apps automatically and at scale.

Some VPNs could barely manage the V

The researchers tested 281 operational, general-purpose VPN apps that could be downloaded and used for free from the Google Play Store. The sample was assembled from VPN-related searches across supported countries before the apps were tested on Android 14 devices. Services that required an account or payment were excluded from the study.

Recommended Videos

Among those apps, 61 transmitted some data without encryption. Five sent sensitive VPN configuration files in cleartext, potentially allowing an attacker on the network to redirect a user toward a server they controlled. Another 29 leaked browser or DNS traffic outside the encrypted tunnel, directly undermining one of a VPN’s main selling points.

Privacy was an entirely different can of worms. Seventy-six apps sent device identifiers such as Android’s Advertising ID to third parties, opening the door to continued tracking and fingerprinting. Researchers could extract and examine VPN configuration files from 108 apps, and 107 of them misused or ignored recommended encryption and security practices.

Free is doing a lot of work here

The study does not prove that every mobile VPN is insecure. Its testing focused on free Android apps that worked without accounts or in-app payments, so the results should not be automatically extended to iPhones or established subscription services excluded by that methodology.

It does show how little protection a Play Store listing and a reassuring shield icon can guarantee. The researchers also warned that app-store disclosures, including developer-submitted Data Safety information and Google’s VPN verification badge, may operate more like marketing signals than comprehensive security guarantees. So it’s best advised to avoid downloading the first free VPNs that appear in your app store searches.

Vikhyaat Vivek
Vikhyaat Vivek is a tech journalist and reviewer with seven years of experience covering consumer hardware, with a focus on…
A broken Galaxy Fold 5 just became the Pixel desktop future I want Google to steal
A broken Galaxy Fold 5 became a tiny PC because Samsung already built the desktop mode Google keeps treating like a side quest.
Desktop mode within Android 16.

A broken Galaxy Fold 5 should be a sad little monument to modern gadget math. One busted outer display, one repair bill nobody wants to inspect too closely, and suddenly a powerful foldable starts heading toward a drawer. Instead, a Redditor turned one into a glowing acrylic DeX box with spare parts, fans, a USB hub, and the kind of LED lighting that makes every homebrew computer look mildly illegal.

https://www.reddit.com/r/SamsungDex/comments/1upica7/fold_5_dexbox/

Read more
Android’s background data habit is now written into Google Play’s fine print
The new terms clarify how Google Play services, the Play Store, and Android updates can connect in the background, even when users are not touching their phones.
Google Play Store

Android phones have always worked in the background. Google’s new Play terms make that quiet behavior much harder to ignore.

The updated Google Play Terms of Service take effect July 29, 2026, and spell out that system services on certified Android devices can use network connectivity, including cellular data, while the user isn’t actively using the phone. That includes moments when the screen is locked.

Read more
iOS 27 finally ended my accidental voice message nightmare
Your thumb can finally stop betraying you mid-conversation.
voice messages in Apple Messages

If you have ever fat-fingered the record audio button in Messages and sent an awkward, unintended voice note, you know the specific kind of panic that follows. I have done it more times than I'd like to admit, and if it weren't for the "Undo Send" feature, I would've been in some really embarrassing situations.

It usually happens when invoking the keyboard by tapping inside the text field as my fingers accidentally brush against that little recording icon. Or sometimes an accidental tap while I'm waiting for a reply ends up sending a voice recording without me even realizing it.

Read more