Flaws in popular Android VPNs risk user data security and privacy

Android applications are often sneaky and contain malicious code that, among other things, allows the theft of private data. According to new data in the Top10VPN report, many infected Android applications are faulty VPNs that allow the free theft of data.

PCMag highlights details. According to the report, out of the 100 most popular VPN clients on Android worldwide, over 10 percent cannot properly encrypt transmitted data, more than half operate unstably, and 80 percent do not use the most secure encryption algorithms. Some also contain code from the company ByteDance (behind TikTok), which is not justified for the operation of VPNs. This raises the suspicions of security researchers.

According to Top10VPN data, some Android VPN applications are known for IP address or DNS data leaks, others have issues with proper transmitted data encryption, and others contain unjustified capabilities and access to Android functions, which open avenues for stealing users' private data.

Thanks to the granted permissions, some applications can, among other things, read information from the address book device location based on GPS data, read the list of installed applications, download all information about the SIM card and operator, and even read the unique device identifier used by Google for displaying targeted ads.

Among the programs listed as dangerous are Tomato VPN, Phone Guardian VPN, Ultimate VPN, Turbo VPN, Power VPN, VPN Monster, uVPN, VPN Proxy Master—Safer VPN, VPN Pro—Fast & Secure VPN, and Signal Secure VPN—Robot VPN. Rather than continuing to use them, removing them and opting for more well-known, secure solutions is better.