Most Android VPN Apps Don’t Protect Their Users



Check out this extremely thought-provoking article from Ars Technica about a study of VPN apps offered in the Google Play marketplace.

https://arstechnica.com/security/2017/01/majority-of-android-vpns-cant-be-trusted-to-make-users-more-secure/

According to the study, which analyzed the source code and network behavior of 300 Android VPN apps (link to study below):
• 82% unnecessarily accessed sensitive information on the user’s phone such as user accounts and text messages
• 38% contained known malicious code
• 18% did NOT encrypt traffic, leaving users open to man-in-the-middle attacks when connected to Wi-Fi hotspots or other types of unsecured networks
• 84% leaked IPv6 traffic data
• 66% leaked DNS request data
• 4 of the 300 apps installed digital certificates that caused the apps to intercept and decrypt transport layer security traffic sent between the phones and encrypted websites
• 16% injected ads or tracking code into users' Web traffic
• Of the 67% of VPN products that specifically listed enhanced privacy as a benefit, 75% of them used third-party tracking libraries to monitor users' online activities
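
To make the "leaked IPv6" and "leaked DNS" findings concrete, here is an added example (not code from the study or the Ars Technica article) that labels flow records seen outside the VPN tunnel. The record format, the interface name `tun0`, and the server address are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

TUNNEL_IFACE = "tun0"        # assumption: the VPN's virtual interface
VPN_SERVER = "203.0.113.10"  # assumption: documentation-range placeholder

# Constructed flow records: interface,destination IP,protocol,destination port
SAMPLE_FLOWS = """\
tun0,198.51.100.7,tcp,443
wlan0,203.0.113.10,udp,1194
wlan0,192.0.2.53,udp,53
wlan0,2001:db8::25,tcp,443
wlan0,198.51.100.80,tcp,80
tun0,10.8.0.1,udp,53
"""

def classify(line):
    """Return a leak label for one flow record, or None if it is expected."""
    iface, dst, proto, dport = line.strip().split(",")
    addr = ipaddress.ip_address(dst)
    if iface == TUNNEL_IFACE:
        return None          # traffic inside the tunnel
    if addr == ipaddress.ip_address(VPN_SERVER):
        return None          # the encrypted tunnel carrier itself
    if int(dport) == 53:
        return "dns-leak"    # resolver query bypassed the tunnel
    if addr.version == 6:
        return "ipv6-leak"   # IPv6 was not routed into the tunnel
    return "bypass"          # any other traffic outside the tunnel

def audit(text):
    """Count leak labels over all non-empty records."""
    labels = (classify(l) for l in text.splitlines() if l.strip())
    return Counter(l for l in labels if l)

if __name__ == "__main__":
    for label, count in sorted(audit(SAMPLE_FLOWS).items()):
        print(label, count)
```

Anything the audit reports left the device on the physical interface without going through the tunnel, which is what an observer on a Wi-Fi hotspot would see.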

Unfortunately, the study concludes that it is difficult, even for tech-savvy users, to personally audit the performance and effectiveness of your VPN service. However, after reading the study, I noticed two things: most of the offending apps were “free” in the Google Play store, and they were all offered by companies/developers that have ZERO reputation credit within the digital privacy community. If you want to pick a legit VPN service, you should go with a company that has recognition within the digital privacy community as being safe and effective, and you have to recognize that you “pay for what you get.” Avoid free VPNs like the plague!

Check out https://www.privacytools.io/#vpn for an excellent list of VPN providers that are trusted in the digital privacy community. All the VPNs listed:

  1. Have servers outside the US
  2. Use encryption
  3. Support OpenVPN
  4. Have a “No Logging Policy”
  5. Accept Bitcoin for private payment!

I’ve had great success with Mullvad VPN and Nord VPN. And, if you want to help support future digital privacy articles, sign up for Nord VPN using my special link:
https://go.nordvpn.net/SHJf

Also, if you need some Bitcoin to pay for your private, secure VPN service, you can buy Bitcoin anonymously on Paxful.com (see my link below).
https://paxful.com/roots/buy-bitcoin?affiliate=bqWkbP3mdAw

The study, which was conducted by Australia's Commonwealth Scientific and Industrial Research Organization, the University of New South Wales, and the University of California at Berkeley, can be found at:
https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf

https://www.cryptotech.solutions/most-android-vpn-apps-dont-protect-their-users/