Security flaws found in top free VPN Android apps

VPN
Image Credit: Pixabay (Image credit: Pixabay)

Android users looking for free VPN apps on the Google Play Store may want to think twice after research from Top10VPN revealed that one in five of the top 150 free VPN apps could be a potential source of malware, while a quarter of the apps contain privacy-compromising bugs such as DNS leaks.

The company's Head of Research, Simon Migliano, made the discovery, and found that these Android VPN apps have already been installed 260 million times according to Google.

Top10VPN has organized and published its findings in the form of a risk index with the aim of helping Android users understand the privacy risks they are exposing themselves to when installing a free VPN.

Of the top 150 free VPNs, 27 apps were flagged as a potential source of malware after being tested using the utility VirusTotal.

DNS leak

Additionally, 25% of the top 150 free VPNs on the Google Play Store were affected by a DNS leak security issue which Migliano explained further in a blog post, saying:  “This security flaw occurs when a VPN fails to force DNS requests through its encrypted tunnel to its own DNS servers and instead permits the DNS requests to be made directly to the default ISP DNS servers.

“Even though the rest of a user’s traffic is concealed, such a leak exposes a user’s browsing history to their ISP and any third-party DNS server operator that it may use.”

Top10VPN also discovered that some free VPNs were asking users for highly intrusive permissions, with 25% of apps asking to access a user's location, 38% tried to access device status information and 57% included code to retrieve a user's last known location.

While a free VPN may sound enticing at first, there will always be some kind of tradeoff, and we highly recommend researching any VPN extensively before installing it on your devices.

Via Bleeping Computer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in VPN Privacy & Security
A computer file surrounded by red laser beams
Cover your tracks: the risk of sending unencrypted files
Using an Amazon Fire Stick on a Smart TV
How to use a VPN with Fire Stick
Close up of PS5 DualSense controller leaning on a PS5
5 reasons your PS5 needs a VPN
Tor
What is Onion over VPN?
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
PrivadoVPN running on an iPhone during TechRadar's VPN tests
Why PrivadoVPN Free is still the best free VPN for streaming
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over