TechAndroid VPNs found lacking: Data leaks, weak encryption rampant

Android VPNs found lacking: Data leaks, weak encryption rampant

Android applications are often sneaky and contain malicious code that, among other things, facilitates the theft of private data. According to recent data in the Top10VPN report, many infected Android applications are faulty VPNs that allow for the unfettered theft of data.

Some VPN applications are dangerous.
Some VPN applications are dangerous.
Images source: © Adobe Stock | eliosdnepr
Oskar Ziomek

12 June 2024 16:27

PCMag highlights details. The report states that out of the 100 most popular VPN clients on Android globally, over 10 percent cannot properly encrypt transmitted data, more than half operate unstably, and 80 percent do not use the most secure encryption algorithms. Some also contain code from ByteDance (the company behind TikTok), which is not necessary for VPN operation. This raises concerns among security researchers.

According to Top10VPN data, some Android VPN applications are known for IP address or DNS data leaks, others have issues with properly encrypting transmitted data, and others contain unjustified capabilities and access to Android functions, creating opportunities for stealing users' private data.

Thanks to the granted permissions, some applications can read information from the address book, determine device location based on GPS data, read the list of installed applications, download all information about the SIM card and operator, and even read the unique device identifier used by Google for displaying targeted ads.

Among the programs listed as dangerous are Tomato VPN, Phone Guardian VPN, Ultimate VPN, Turbo VPN, Power VPN, VPN Monster, uVPN, VPN Proxy Master—Safer VPN, VPN Pro—Fast & Secure VPN, and Signal Secure VPN—Robot VPN. Rather than continuing to use them, removing them and opting for more well-known, secure solutions is better.

© Daily Wrap
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.