Free Chinese VPN exposed millions of users' data
Free VPN leak includes users' IDs, IP addresses and domain names
A free VPN service aimed at Chinese users has been found guilty of exposing over 5.7 billion data entries.
An investigation by Cybernews revealed Airplane Accelerates apps - whose Chinese version counts over 3,000 reviews on the App Store only - leaked a staggering amount of users' personal information, including user IDs, IP addresses, domain names and timestamps.
Being the app available for Windows, MacOS, iOS, and Android, researchers believe that at least tens or perhaps even hundreds of thousands of users in China could have been affected.
Worse than a typical data breach
“This leak is significant, because the leaked data could be used to de-anonymize and track the users of this app,” said Aras Nazarovas, the Cybernews researcher who led the investigation. “Analysis of the Android app also shows that it is capable of functioning as spyware, and has remote code execution capabilities.”
Researchers found a worrying high volume of permission requests executing from the Android VPN app. These range from accessing camera and audio recording, to modifying contacts, external storage and even installing new software.
“While Antivirus apps do not detect this app as malicious, our analysis of it raises some significant red flags,” explained Nazarovas.
Cybernews reached out to AP Network PTY Ltd - the Australia-based company behind this free VPN service - a month ago, when the leak was discovered. As they haven't received any responses to this date, they decide to publish their findings due to their high public interest value.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Free VPN danger
This is only the latest instance that show the risks of using a free VPN service to secure online data.
From being tracked from malicious ads, to having personal information exposed or, worse, your device infected by malware or viruses: the price to pay might be higher in terms of data security in the long term.
Also who actually owns these free services can be a reason for concerns, at times. An investigation carried out by Top10VPN on the 30 most popular apps on Google Play found out that 59% of these VPNs had actually hidden Chinese ownership.
As Cybernews pointed out, for those living in a regime like China could get in real trouble if a VPN app exposes their internet usage to the authorities. This is why we keep updating our China VPN list to only recommend the best services working at the moment.
Not just privacy, though. Many free VPNs also have problems unlocking different catalogs on streaming platforms and achieving faster connection speeds, offering poor overall performances.
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com