25% fail to protect users’ privacy due to DNS
85% feature intrusive permissions or functions
in their source code – often used for invasive advertising
– that could potentially spy on users. 99
apps had ‘dangerous’ permission requirements – 87 tracked location, 48 could
run system commands, 45 had telephone and contact access, and 57 had access to
personal information or had microphone and camera control.
scanners saw 18% of apps as potentially containing malware or viruses.
95% of apps have performance or security anomalies
in network testing.
The main issues include
DNS leaks are when a VPN fails to force DNS requests through
its encrypted tunnel to its own DNS
servers and instead permits the requests
to be made directly to the default ISP DNS servers.
Intrusive permissions are anything the app does not need to
function, e.g. there is no need for any permissions
at all to perform VPN services.
Antivirus scanners see these for what they are – thinly disguised
adware or part of a malware loader.
And performance issues
– by far the biggest problem – includes high packet loss and latency, or
blocked ports, which typically result in a glitchy and unstable internet
There were also some
fake apps that simply stole your
“Surging consumer demand for free VPN services is being met by opportunistic Android developers, who are taking advantage of both the lack of consumer understanding of the product and minimal oversight by the Google Play store to cash in.
“The result is something of a Wild West scenario. We are seeing apps that have been slapped together as a vehicle for aggressive advertising using third-party libraries that are not necessarily appropriate for use in a privacy application.
Miligiano says fundamental to the concept of a VPN is masking a user’s true location.
He says it’s disturbing to see just how many apps contain code for getting the user’s last known location. It’s also hard to believe that any developer could expect anyone to trust their VPN app when it includes permissions and commands for using the camera or accessing your contacts.
“Following on from our recent investigation that revealed the hidden Chinese ownership of some of the biggest free VPN apps, we created the Risk Index to help consumers avoid using dubious free apps that, rather than protect their privacy, put it at risk. With the free apps in our study, there’s a one in four chance of unwittingly exposing your activity due to a DNS leak even as you thought yourself protected.”
GadgetGuy’s take – there ain’t
no such thing as a free lunch
While Top10VPN Free VPN Risk Index is a great start (and if you use it you may find a couple of adequate free VPNs), it shows just how lawless the app world is.
Anyone can write an app, place it in an app store and rip
off user details.
Or, if you are Facebook
buy Onavo and turn it into a massive
spying and information gathering free app for
your its own use.
If you use Android make sure that you go to the apps permissions and switch them all off. Otherwise, be like me and use Private Internet Access that costs US$39.95 per year, does an amazing job, works on multiple devices, and does not want even one permission – as it should be.