VPNs are useful for encrypting your web traffic or getting around regional restrictions. Most of these VPN services require a subscription, but many also offer free options. Researchers tested 283 different apps and found that many of those apps inject adware, trojans, malvertising or spyware. What they found was not great:
- Eighteen per cent do not encrypt traffic
- Eighty four per cent leak user data
- Thirty eight per cent reveal malware or malvertising
- Eighty per cent request access to sensitive data like user accounts or text messages
Unfortunately, the paper doesn’t go through a full ranking of all 283 apps it tested, nor does it rank the best or most secure services. It does at least go through the worst, which are shown in the table above, using a VirusTotal ranking system. This includes one we’ve mentioned before, Betternet.
The biggest problem here is that in most cases, the researchers found that other than Hola, the VPN providers did not usually admit to the practice of injecting its own ads or forwarding traffic. When researchers reached out to the developers, many didn’t respond, while others simply confirmed that their free version injected code to show their own ads. Thankfully, some of the worst offenders, including the top three, have all been removed from Google Play.
It’s no secret that VPNs are shady and finding a good one requires actual effort, but this is a nice reminder that you should always do some research before using any type of security software. For what it’s worth, we’ve found Private Internet Access, SlickVPN, NordVPN, Hideman and Tunnelbear have all been reliable and transparent over the years. There’s also no reason to assume this is restricted to Android. iOS and desktop VPN apps likely have similar problems.