Top10VPN has researched the 150 most popular free VPNs on Google Play and shows it is as dangerous and lawless as the Wild, Wild, West.
The analogy is accurate. The law of the Wild West was do anything if you didn’t get caught or shot. Sheriffs cowered as might overtook right.
Top10VPN has created a Free VPN Risk Index and found
- 25% fail to protect users’ privacy due to DNS leaks.
- 85% feature intrusive permissions or functions in their source code – often used for invasive advertising – that could potentially spy on users. 99 apps had ‘dangerous’ permission requirements – 87 tracked location, 48 could run system commands, 45 had telephone and contact access, and 57 had access to personal information or had microphone and camera control.
- Antivirus scanners saw 18% of apps as potentially containing malware or viruses.
- 95% of apps have performance or security anomalies in network testing.
The main issues include
DNS leaks are when a VPN fails to force DNS requests through its encrypted tunnel to its own DNS servers and instead permits the requests to be made directly to the default ISP DNS servers.
Intrusive permissions are anything the app does not need to function, e.g. there is no need for any permissions at all to perform VPN services.
Antivirus scanners see these for what they are – thinly disguised adware or part of a malware loader.
And performance issues – by far the biggest problem – includes high packet loss and latency, or blocked ports, which typically result in a glitchy and unstable internet experience.
There were also some fake apps that simply stole your credentials.
Why are free VPN apps poison?
Simon Migliano, Head of Research at Top10VPN.com, says:
“Surging consumer demand for free VPN services is being met by opportunistic Android developers, who are taking advantage of both the lack of consumer understanding of the product and minimal oversight by the Google Play store to cash in.
“The result is something of a Wild West scenario. We are seeing apps that have been slapped together as a vehicle for aggressive advertising using third-party libraries that are not necessarily appropriate for use in a privacy application.
Miligiano says fundamental to the concept of a VPN is masking a user’s true location.
He says it’s disturbing to see just how many apps contain code for getting the user’s last known location. It’s also hard to believe that any developer could expect anyone to trust their VPN app when it includes permissions and commands for using the camera or accessing your contacts.
“Following on from our recent investigation that revealed the hidden Chinese ownership of some of the biggest free VPN apps, we created the Risk Index to help consumers avoid using dubious free apps that, rather than protect their privacy, put it at risk. With the free apps in our study, there’s a one in four chance of unwittingly exposing your activity due to a DNS leak even as you thought yourself protected.”
GadgetGuy’s take – there ain’t no such thing as a free lunch
While Top10VPN Free VPN Risk Index is a great start (and if you use it you may find a couple of adequate free VPNs), it shows just how lawless the app world is.
Anyone can write an app, place it in an app store and rip off user details.
Or, if you are Facebook buy Onavo and turn it into a massive spying and information gathering free app for your its own use.
If you use Android make sure that you go to the apps permissions and switch them all off. Otherwise, be like me and use Private Internet Access that costs US$39.95 per year, does an amazing job, works on multiple devices, and does not want even one permission – as it should be.