Security flaws found in top free VPN Android apps

VPN
Image Credit: Pixabay (Image credit: Pixabay)

Android users looking for free VPN apps on the Google Play Store may want to think twice after research from Top10VPN revealed that one in five of the top 150 free VPN apps could be a potential source of malware, while a quarter of the apps contain privacy-compromising bugs such as DNS leaks.

The company's Head of Research, Simon Migliano, made the discovery, and found that these Android VPN apps have already been installed 260 million times according to Google.

Top10VPN has organized and published its findings in the form of a risk index with the aim of helping Android users understand the privacy risks they are exposing themselves to when installing a free VPN.

Of the top 150 free VPNs, 27 apps were flagged as a potential source of malware after being tested using the utility VirusTotal.

DNS leak

Additionally, 25% of the top 150 free VPNs on the Google Play Store were affected by a DNS leak security issue which Migliano explained further in a blog post, saying:  “This security flaw occurs when a VPN fails to force DNS requests through its encrypted tunnel to its own DNS servers and instead permits the DNS requests to be made directly to the default ISP DNS servers.

“Even though the rest of a user’s traffic is concealed, such a leak exposes a user’s browsing history to their ISP and any third-party DNS server operator that it may use.”

Top10VPN also discovered that some free VPNs were asking users for highly intrusive permissions, with 25% of apps asking to access a user's location, 38% tried to access device status information and 57% included code to retrieve a user's last known location.

While a free VPN may sound enticing at first, there will always be some kind of tradeoff, and we highly recommend researching any VPN extensively before installing it on your devices.

Via Bleeping Computer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in VPN Privacy & Security
Tor
What is Onion over VPN?
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
PrivadoVPN running on an iPhone during TechRadar's VPN tests
Why PrivadoVPN Free is still the best free VPN for streaming
Homepage of CloudFlare website on the display of PC, url - CloudFlare.com.
"Network blocking is never going to be the solution" – Cloudflare slams anti-piracy tactics
Panels at RightsCon 2025 during a press briefing about the latest Access Now report of internet shutdowns
2024 was the worst year on record for internet freedoms – again
Vector illustration of the word Censored in a glitch distorted style
Google, Apple, and internet restriction – how Big Tech is making censorship "much worse" according to experts
Latest in News
Apple iPhone 16 Pro Max REVIEW
The latest iPhone 17 Pro Max leak may have given us another look at its upcoming redesign
Half-Life running on a smartwatch
This Redditor installed a game engine on their smartwatch, and now it runs Doom, Quake, and Half-Life
Samsung Galaxy Z Fold 6
The Samsung Galaxy Z Fold 7 could be in line for a Galaxy S25 Ultra-level camera upgrade
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Three iPhones on a green and blue background showing trails on Apple Maps
iOS 18.4 will give your iPhone a much-needed maps upgrade – but only if you're in the EU
A close up of Billy Bob Thornton's Tommy Norris in Paramount Plus' Landman TV series
The Taylor Sheridan supremacy lives on at Paramount+ as Landman gets renewed for season 2