Android VPNs found lacking: Data leaks, weak encryption rampant
12 June 2024 16:27
Android applications are often sneaky and contain malicious code that, among other things, facilitates the theft of private data. According to recent data in the Top10VPN report, many infected Android applications are faulty VPNs that allow for the unfettered theft of data.
PCMag highlights the details. The report states that out of the 100 most popular VPN clients on Android globally, over 10 percent cannot properly encrypt transmitted data, more than half are unstable in operation, and 80 percent do not use the most secure encryption algorithms. Some also contain code from ByteDance (the company behind TikTok), which is not necessary for VPN operation. This raises concerns among security researchers.
According to Top10VPN data, some Android VPN applications are known for IP address or DNS data leaks, others have issues with properly encrypting transmitted data, and others contain unjustified capabilities and access to Android functions, creating opportunities for stealing users' private data.
Thanks to the granted permissions, some applications can read information from the address book, determine device location based on GPS data, read the list of installed applications, download all information about the SIM card and operator, and even read the unique device identifier used by Google for displaying targeted ads.
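The capabilities listed above can be checked before installing or keeping a VPN client. The following is an added example, not code from the Top10VPN report: it scans a permission dump in the style of `aapt dump permissions` and flags entries matching those capabilities. The mapping to Android permission names and the sample dump for the hypothetical package com.example.vpn are assumptions made for illustration.

```python
import re

# Assumed mapping (not taken from the report): Android permission names
# that correspond to the capabilities the article lists.
RISKY = {
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.QUERY_ALL_PACKAGES": "list of installed apps",
    "android.permission.READ_PHONE_STATE": "SIM card and operator details",
    "com.google.android.gms.permission.AD_ID": "advertising identifier",
}

# Matches "uses-permission: name='...'" and the "-sdk-23" variant.
PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*name='([^']+)'")


def requested_permissions(dump):
    """Return the permissions named in the dump, de-duplicated, in order."""
    perms = []
    for line in dump.splitlines():
        m = PERM_RE.match(line)
        if m and m.group(1) not in perms:
            perms.append(m.group(1))
    return perms


def audit(dump):
    """Return {permission: capability} for permissions a VPN does not need."""
    return {p: RISKY[p] for p in requested_permissions(dump) if p in RISKY}


# Constructed sample input for a hypothetical app, not a real scan result.
SAMPLE_DUMP = """\
package: com.example.vpn
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.FOREGROUND_SERVICE'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission-sdk-23: name='android.permission.READ_PHONE_STATE'
uses-permission: name='com.google.android.gms.permission.AD_ID'
uses-permission: name='android.permission.READ_CONTACTS'
"""

if __name__ == "__main__":
    for perm, capability in audit(SAMPLE_DUMP).items():
        print(f"{perm}: grants access to {capability}")
```

A permission appearing in the result does not prove misuse, but a VPN client has no functional need for any of them, so each one warrants a closer look.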
Among the programs listed as dangerous are Tomato VPN, Phone Guardian VPN, Ultimate VPN, Turbo VPN, Power VPN, VPN Monster, uVPN, VPN Proxy Master—Safer VPN, VPN Pro—Fast & Secure VPN, and Signal Secure VPN—Robot VPN. It is better to remove them and opt for better-known, secure solutions than to continue using them.