The Dark Side of Free Android VPNs

A ruling recently came into effect in Australia that is concerning to those who care about privacy.

The ruling requires telecommunication service providers to keep metadata on communications for up to 2 years. For phone calls, the data they keep is:

  1. Incoming caller ID
  2. Outgoing caller ID
  3. Date, time and duration of the call
  4. Location of the device that initiated the call

ISPs will keep the following metadata regarding online activity:

  1. Sender’s email address
  2. Recipient’s email address
  3. Time and date of the email
  4. The size and file type of any attachments

In the wake of this news, many are resorting to VPNs in an effort to escape the dragnet of mass data collection. However, not all VPNs are created equal and some are

A recent study that looked in detail at a range of free VPNs available on Android devices via the app store found that 38% of free VPNs available contain malware. Many people use VPN services to get around geoblocked content and to enhance their online security and privacy. Using a lot of these free VPNs, however, is simply exchanging one surveillance entity for another.

The most troubling findings of the study for those using free VPNs for security include:

  1. 75% use third party tracking libraries

  2. 38% contain malware

  3. 16% actually intercept and modify HTTP requests, and some were found to inject JavaScript into pages for advertising and tracking purposes.
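One way to check for the JavaScript injection described in the last finding is to compare the script elements of a page fetched over a trusted connection with the same page as received through the VPN. The following is an added example, not code from the study; the function names and both sample pages are constructed for illustration, and pages that legitimately serve different scripts per request will also show differences.

```python
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from one page."""
    def __init__(self):
        super().__init__()
        self.external = set()
        self.inline = set()
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.add(src)
            else:
                self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            body = " ".join("".join(self._buf).split())  # normalise whitespace
            if body:
                self.inline.add(body)
            self._in_inline = False

def collect(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.external, parser.inline

def injected_scripts(reference_html, observed_html):
    """Scripts present in the observed page but absent from the trusted copy."""
    ref_ext, ref_inl = collect(reference_html)
    obs_ext, obs_inl = collect(observed_html)
    return {"external": sorted(obs_ext - ref_ext), "inline": sorted(obs_inl - ref_inl)}

# Constructed sample: the same page as served, and as received through a tampering proxy.
REFERENCE = '<html><head><script src="/static/app.js"></script></head>' \
            '<body><p>Hello</p><script>init();</script></body></html>'
OBSERVED = '<html><head><script src="/static/app.js"></script></head>' \
           '<body><p>Hello</p><script>init();</script>' \
           '<script src="http://ads.example.net/t.js"></script>' \
           "<script>\n  track('u1');\n</script></body></html>"

if __name__ == "__main__":
    print(injected_scripts(REFERENCE, OBSERVED))
```

Only pages served over plain HTTP can be altered this way without a certificate warning, so the comparison is most useful on an HTTP test page you control.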

A closer look at how many tracking libraries VPN apps have installed is quite shocking, with almost a third of free VPN apps having 5 or more tracking libraries in the app. In addition, the methodology used to detect third party tracking apps means this is a conservative figure and is more than likely undercounting.

Distribution of tracking libraries in free Android VPN apps

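| Number of trackers | % of free Android VPN apps |
|--------------------|----------------------------|
| 0                  | 28%                        |
| 1                  | 10%                        |
| 2                  | 10%                        |
| 3                  | 25%                        |
| 4                  | 8%                         |
| >=5                | 18%                        |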

The story about free Android VPN apps doesn’t get much better from here, with a high proportion leaking IPv6 and DNS traffic (84% and 66% respectively). In fact one app, namely ‘HotSpotShield’, actually redirects users to alibaba.com and ebay.com through its partner networks. This is a blatant affiliate marketing fraud, as they will surely get commission on any subsequent transactions a user performs on Alibaba or eBay.

How do I protect myself?

Well, for starters, stay well away from free VPN apps. There is no reason to think iOS developers are any more trustworthy than Android developers; if there were a similar study of free VPNs on iOS, I would expect to see a similar story.

A paid VPN is definitely the way to go, but which one? ‘That One Privacy Guy’ has put together a guide on how to choose a VPN and comparisons of different VPN providers.

Most of these support concurrent users, meaning you can set it up on all of your devices. The prices are reasonable too (usually a couple of cups of coffee a month), especially if you buy a longer term plan.

 
