Research result and Security warnings about some popular Android VPN apps

Virtual Private Networks "VPN" are useful for encrypting your web traffic or getting around regional restrictions. Most of these VPN services require a subscription, but many also offer free options.

A study by researchers from Data61/CSIRO, UC Berkeley, UNSW Sydney, and UCSI found that several popular VPN services on Android open up a variety of security holes, including injecting JavaScript for ads and tracking services, traffic redirection to commerce sites, and more.

Researchers tested 283 different apps and found that many of those apps inject adware, trojans, malvertising, or spyware. 

Here is what they found:
  • 18% do not encrypt traffic
  • 84% leak user data
  • 38% reveal malware or malvertising
  • 80% request access to sensitive data like user accounts or text messages
Here is how the 283 apps tested using a VirusTotal ranking system, scored...

According to Lifehacker, some of the worst offenders, including the top three, have all been removed from Google Play.

Lifehacker has found Private Internet AccessSlickVPNNordVPN, Hideman, and Tunnelbear have all been reliable and transparent over the years. There’s also no reason to assume this is restricted to Android. iOS and desktop VPN apps likely have similar problems.