hacking.jpg
(Credit: Markus Spiske)

Researchers at Top 10 VPN released a startling report last month detailing the dangers of using free VPN services through the App Store or the Play Store. According to Head of Research Simon Migliano, both Apple and Google have failed to protect hundreds of millions of users from predatory VPN services that offer chillingly few details on their security practices and data collection policies.

VPNs are some of the most popular apps in both app stores, allowing users to mask their internet connection and reroute traffic to a different server elsewhere that takes the place of their IP address. They are used for both the trivial and serious, helping some people access their Netflix account while abroad and others evade harsh censors in dictatorships that have now made a habit of arresting people for comments online.

But when Migliano and his team searched "VPN" in both app stores, they were alarmed to find that most of them were either based in or routed through China -- which they said "maintains an iron grip on the internet within its borders" and has "aggressively clamped down on VPN services over the past year." In 2017 Apple went so far as to appease the Chinese government by removing VPN apps from their App Store that refused to comply with government demands for greater access.

"Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support," Migliano wrote.

"Apple and Google have let down consumers by failing to properly vet these app publishers, many of whom lack any sort of credible web presence and whose app store listings are riddled with misinformation."

SEE: The best mobile apps for watching video

The figures detailed in the report are eye-popping, with 30 apps populating the top 20 VPN apps for both Apple and Google in the US and UK. They found that an astonishing 86 percent of these apps had what they deemed "unacceptable privacy policies," with issues ranging from opaque security policies to open admission that user data is shared with servers in mainland China.

"Unfortunately, the majority of apps appearing in the top results for "VPN" searches are free products from obscure and highly secretive companies that deliberately make it very difficult for consumers to find out anything about them," he added.

More than 60 percent of these apps had no website at all, with more than half using personal email accounts for customer support. Only 17 percent of these apps responded when contacted through these customer support email addresses.

The statistics only scratch the surface in showing how dangerous -- and widespread -- these free VPN services are.

"Our view is that - even putting more malicious scenarios aside - this state of affairs is nowhere near good enough and that consumers trying to protect their privacy deserve better," Migliano wrote this week in a corresponding report focusing on the free VPN apps in Google's Play Store.

"Nor does it have to be this way, none of these risky permissions or functions are to be found in the leading paid-for VPN apps, which closes the door to any potential privacy abuses."

A number of the apps have service agreements that contain clauses saying things like "Our business may require us to transfer your Personal Data to countries outside of the European Economic Area ("EEA"), including to countries such as the People's Republic of China or Singapore." Top 10 VPN said these were alarming consider the breadth of information the apps were collecting from users.

That specific clause was found in VPN Master, Turbo VPN, and SnapVPN, which have a combined 14 million downloads in the Play Store and 1.1 million monthly downloads in the App Store.

In their corresponding report "Free VPN Risk Index: Android Apps", the research website said 99 of the 150 apps they looked into collected data such as user location and device information, all while seeking permissions to use the microphone and camera. Nearly 30 of the apps were flagged by virus services for possible malware and another 38 had "DNS leakage," which makes it easy for hackers to access the private data of users.

For those seeking solutions, Top 10 VPN suggests you always pay for any VPN service and make sure to read through the service agreements to see what data is collected and where it is stored.

FOLLOW Download.com on Twitter for all the latest app news.

Takeaways

  1. Researchers found that most of the free VPN apps in the App Store and Play Store are rife with severe security concerns ranging from murky data practices to questionable demands for camera and microphone access.
  2. Almost all of the apps are based or routed through China, which recently forced Apple to remove VPN apps that refused to comply with the government's demands for greater access.

Also see

Jonathan is a Contributing Writer for CNET's Download.com. He's a freelance journalist based in New York City. He recently returned to the United States after reporting from South Africa, Jordan, and Cambodia since 2013.