A study by researchers from Data61/CSIRO, UC Berkeley, UNSW Sydney, and UCSI found that several popular VPN services on Android open up a variety of security holes, including injecting JavaScript for ads and tracking services, traffic redirection to commerce sites, and more.
Researchers tested 283 different apps and found that many of those apps inject adware, trojans, malvertising, or spyware.
Here is what they found:
Lifehacker has found Private Internet Access, SlickVPN, NordVPN, Hideman, and Tunnelbear have all been reliable and transparent over the years. There’s also no reason to assume this is restricted to Android. iOS and desktop VPN apps likely have similar problems.
- 18% do not encrypt traffic
- 84% leak user data
- 38% reveal malware or malvertising
- 80% request access to sensitive data like user accounts or text messages
According to Lifehacker, some of the worst offenders, including the top three, have all been removed from Google Play.
Lifehacker has found Private Internet Access, SlickVPN, NordVPN, Hideman, and Tunnelbear have all been reliable and transparent over the years. There’s also no reason to assume this is restricted to Android. iOS and desktop VPN apps likely have similar problems.
The paper is available at https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf