Serious Discussion Google Play adds security audit badges for Android VPN apps


Level 79
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform.

Specifically, that standard is MASA (Mobile App Security Assessment), which was introduced last year as an initiative of the App Defense Alliance (ADA) to define a concrete set of requirements for mobile app security.

The requirements concern data storage and data privacy practices, cryptography, authentication and session management, network communication, platform interaction, and code quality.

Starting with VPN apps, which Google considers critical for user privacy and security due to handling sensitive data, the Play Store will display the "Independent security review" badge in the Data Safety Section.

This badge indicates that the apps' compliance with the MASA standard has been independently verified, enhancing transparency and bolstering user trust.

As VPN providers are used to provide anonymity while browsing the web, many make claims that they do not keep any logs and do not expose the user's actual IP address, whether that be through bugs or other reasons.

To prove these claims, some VPN providers perform third-party audits that examine source code, server configurations, and attempt to find bugs that may make users less secure while using the app.

For this new Google Play tag, VPN vendors are also required to perform the MASA audit from an approved cybersecurity partner.

The VPN vendors that have opted to go through the MASA security audit and currently display the new Google Play badge are NordVPN, Google One, and ExpressVPN.


Level 44
Top Poster
Nov 10, 2017
From what I've searched only 4 VPN providers have the MASA badge, ExpressVPN, Google One, NordVPN and PIA.

Nothing for Proton VPN or Windscribe as of today. (n)

Other VPN apps that hold a valid MASA certificate but haven't received a Google Play badge yet are Aloha Browser + Private VPN, Private Internet Access VPN, SkyVPN – Fast Secure VPN, Tomato VPN, and vpnify – Unlimited VPN Proxy.

And what about Surfshark?
  • Like
Reactions: Nevi

ForgottenSeer 103564



And what about Surfshark?
Look at the data safety section of each application.

Screenshot 2023-11-04 7.57.06 AM.png

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.