How to choose an Android VPN

How do you pick the trustworthy and useful VPNs out of a lineup of possibly shady characters?

An Android VPN gives you more privacy on the mobile Internet. If you use public Wi-Fi or unprotected networks, if you're concerned about content restrictions, or if you just don't want to be tracked online, a virtual private network can give you a protected path, allowing you to secure and mask your data transmissions. VPNs can also dodge geoblocking (so you can access content in a geographical region other than your own) and bypass Internet filtering and censorship.

However, finding the right Android VPN for your needs can be challenging. First, there are nearly 100 VPNs in the Google Play Store to sort through.

vpnapps2.png

Second, VPNs can be secretive by nature -- the service may not have a detailed website, privacy or data policy, or information about their technology or standards to help you judge their effectiveness and trustworthiness.

And you do need to consider credibility, because some VPN providers may not always act in your best interest. Last year, for example, Hola reportedly exposed users' data to tracking and sold customers' spare bandwidth.

Other providers reportedly try to game the system by rewarding positive reviews of their products. "The VPN market is not one of healthy competition," writes Youknowimtheman, a frequent contributor to Reddit's VPN subreddit, who works for a VPN service and is familiar with the practice. "It is hard to get an honest review about any service."

Another Redditor is more blunt. "Many VPN services are run by a very small team of people who really don't know (or care) about how to run a VPN," said That One Privacy Guy, an /r/VPN subreddit moderator and creator of thatoneprivacysite.net, a cybersecurity website containing sweeping research on VPN privacy, security, business practices, and more. "By running complex and shady affiliate programs, they can generate referrals by hook and by crook and survive almost exclusively on marketing," he continues. "Like cockroaches, they are good at almost nothing but surviving."

What to look for in a VPN service

So how do you pick the trustworthy and useful VPNs out of a lineup of possibly shady characters? For That One Privacy Guy, it comes down to transparency: "You can't always tell which ones are trustworthy, but you can often tell which ones are bad and eliminate them from the running."

Without too much effort, you can discover a VPN provider's privacy policies and how well they intend to protect your information. Here's what to look for.

Does the VPN keep user activity logs?

A VPN provider has legitimate reasons to monitor network activity. For example, it may log your online activity for billing purposes, to monitor network operations, and to prevent abuse.

If you are concerned about your privacy, you want to learn whether your provider does collect logs, which network activity it logs, what it does with the logs, and how long it retains them. A quick search of a VPN's name and "privacy policy" should get you to the company's page on how it handles logs.

Be aware that some companies sell customer activity logs to offset the cost of running a VPN. So be wary of companies offering unlimited free VPN access: They might be selling your usage data to cover their costs.

Where is the VPN service based?

If you are especially concerned about your privacy, check where where your VPN provider is based. If the service is in one of the Five Eyes alliance of countries -- Australia, Canada, New Zealand, United Kingdom, or United States -- then your VPN activity is vulnerable to being gathered and shared among the members of the alliance. A larger circle of nations, the Nine and Fourteen Eyes, may also gather and share information. In addition to the Five Eyes group, avoid countries that have a spotty record on guarding personal privacy.

Does the VPN have an exit node in the right region?

If you want to access content in a geographical region other than your own, you can evade geoblocking restrictions by using a VPN service to connect to a server in another region.

vpnpromo.png

You can find lots of discussion about whether skirting licensing restrictions is principled. But if your goal is to access content in another region, look for a VPN that offers an exit node in the target country. Then try out the service to confirm that it hasn't been blacklisted by the media company with the content you want to watch -- the BBC and Netflix, for example, block many VPNs.

Test the VPN for leaks and speed

A VPN might seems like a black box, but you can run a few quick checks to see how well the service is protecting your data.

First, head over to IPLeak and run the test first with your VPN off, then on, to see if it is exposing your real IP address.

vpnleak2.png

Next, check whether you are leaking IPv6 traffic.

Finally, surf over the DNS leak test to confirm that your traffic is anonymous.

You can also check the speed of your connection with and without your VPN running. Given the way VPNs operate, you probably will see slower networking speeds. But if a VPN server is located close to you, you may actually experience a faster connection with your VPN turned on.

Which protocols does the VPN use?

Many VPN providers use the open-source OpenVPN software to create a private point-to-point connection, and a widely used encryption tool such as AES or Blowfish to encrypt the data.

A few VPN providers use their own proprietary VPN tools. There are valid reasons for not using industry-standard tools to create a VPN service -- nonstandard services are harder to detect and therefore block. However, it is also harder to gauge how well the service is protecting your privacy when the code's not open.

Avoid any VPN using the outdated PPTP protocol.

Is a VPN enough?

If your needs are simple (getting outside a school's network, for example), a trustworthy VPN might be as much privacy protection as you need.

However, if you are looking for end-to-end security and privacy, a VPN is just one part of a toolkit that could include using Tor software like the Orfox browser and blocking WebRTC browser-based communications.

For more on how to protect your privacy online, check out Privacytools, Prism Break, and That One Privacy Site.

More resources

Find the best free Android VPN

Find the best paid Android VPN

What to look for in an Android antivirus app

Ransomware's growing threat to Android

About Clifford Colby

Clifford Colby follows the Mac and Android markets for Download.com. He's been an editor at Peachpit Press and a handful of now-dead computer magazines, including MacWeek, MacUser, and Corporate Computing.

Member Comments

Conversation powered by Livefyre