User Privacy Failures and Malware Found In Top Free VPN Android Apps

Worrying security flaws and significant privacy failures were spotted in many of the top free virtual private network (VPN) apps for Android devices. Some of the most popular free VPNs were leaking users’ data, exposing it to their internet service providers (ISPs). What is more concerning is that nearly all of the researched VPNs featured permissions that potentially abuse the users’ privacy.

According to a recent report on free Android VPN apps published by Simon Migliano, head of research at Top10VPN, 85 percent of the 150 most popular VPN applications that can be downloaded for free on Google Play store, contain fundamental failures that can compromise your privacy and anonymity.

The apps that were part of the research have a total of over 260 million downloads together.

Free VPN Risk Index Findings

The research is presented through a risk index of free Android VPN apps. Its main purpose is to help users to recognize and locate risky VPNs that not only will fail to protect them but will also put their privacy in danger.

It’s not the first time for users have been warned about free VPNs, but the new findings are worrying considering the number of flaws detected. The most serious flaws were data leaks, intrusive permissions, and risky functions, as well as malware.

When it comes to leaks, the summary findings of the risk index show that 25 percent of all apps leaked your DNS, four of them showed WebRTC leaks, and two tested positive for all leaks, DNS, WebRTC and IP address. This means that a total of 44 of 150 apps won’t keep your anonymity shielded on the internet. On a more positive note, all 150 of the apps passed the test for encryption.

Intrusive permissions are those that are not necessary for your VPN to run on your device. For example, your mobile VPN app does not need access to your camera, permission to record audio or to send SMS. They should not demand these kinds of permissions, unfortunately, the numbers show many do.

More than half of these VPNs asked for external storage access, 54 of them asked to access the phone features of the device which can easily reveal your phone number and the serial number of your phone. A total of 38 apps requested permission to access fine location, and 32 demanded access to the users’ coarse location. Among these intrusive permissions were also access to Bluetooth, contacts, camera, and SMS.

It remains unknown how many of these permissions and functions were exploited for malicious purposes.

The free VPN apps for Android were also scanned for malware and the results showed that 27 apps, or 18 percent of the total 150 VPNs, tested positive for malware.

Top 10 Free VPN Apps Results

What’s even more concerning is that among the top 10 most downloaded VPN applications on Android, not one is entirely safe. None of the most downloaded 10 VPN apps showed signs of malware, but six of them were positive for some form of leaks.

Hotspot Shield Free holds first place in popularity with 50 million downloads. It showed no leaks but had risky permissions and functions; the app requires your permission to read your phone state and access the external storage. Additionally, the Hotspot Shield Free app is able to obtain certain information such as your phone number and location, and can even execute commands on your phone.

The Dangers of Using A Free VPN

This research is not the first of its kind. Many of these analyses have proven the dangers of using a free virtual private network.

Another recent report also conducted by Migliano, showed that over half of the free VPN apps found on both Apple’s App Store and Google Play Store were connected to Chinese companies. Considering the country’s internet policies and their extensive censorship and surveillance, it’s difficult to say with certainty whether these apps are secure. The answer is most probably negative.

“Free” usually comes at a high price. Many free VPNs collect and sell your data to third parties. Often, they log your IP addresses and the websites you visit through their servers. Additionally, it’s known that free VPNs are slower, they offer only basic security, and significantly lower server coverage.

These are just some of the things that might go wrong.

Best Free VPN App For Android

Among the VPNs that were listed in the free VPN risk index, only a few were completely safe to use. TunnelBear, as one of the more popular names in the industry especially when it comes to free VPNs, showed no signs of malware, no leaks and it tested negative for any risky permissions or functions.

Once again Tunnel Bear has proven to be a trustworthy VPN provider that protects the safety and privacy of its users. The free mobile app is limited, which is definitely a drawback. But for users that cherish privacy, Tunnel Bear is an excellent choice. It uses AES 256-bit encryption by default and has a no log privacy policy.

The provider grants 500 MB of free bandwidth per month, but it also has paid price plans without data restrictions for more demanding users. The VPN covers some of the best server locations around the world, although their server count is quite modest. The speed and performance are also excellent, which means you won’t have connectivity issues nor a slow and faulty internet experience.

Overall, it’s safe to say that finding a completely free and unlimited provider that at the same time will be safe and protect your online identity, is like searching for a needle in a haystack. Instead of wasting too much of your time with free VPN apps, do research on the high-performance providers in the VPN industry. Many of them are affordable, and some offer free trials or decent money-return policies. You can also run into some exclusive discounts and find a good provider for just a few bucks per month.

Your online privacy should be your main concern when you search for a virtual private network, and we are here to help you make the right choice. If you have any questions regarding the topic, make sure you post your comment below.