Malware, User Privacy Failures Found in Top Free VPN Android Apps

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
One in five apps from the top 150 free VPN Android apps in Google's Play Store was flagged as a potential source of malware, while a quarter of them come with user privacy breaking bugs such as DNS leaks which expose user DNS queries to their ISPs.

As found by Simon Migliano, Metric Labs' Head of Research, the company behind the Top10VPN service, these VPN Android applications have already been installed approximately 260 million times according to the numbers reported by Google's official store.

Top10VPN's extensive research has been organized and published in the form of a risk index designed to help Android users understand the exact privacy risks they are exposing themselves when installing a free VPN on their smartphone or tablet.

According to Migliano's analysis and as previously stated, one in five free VPN apps tested (27 applications in total) was flagged as a potential source of malware when tested using VirusTotal, greatly increasing the severity of the risks their users are exposed too.

To make matters even worse, 25% of the apps that were affected by a DNS leak security issue. Moreover:
... ... ...
...
 
F

ForgottenSeer 58943

Interesting in that (on windows systems) Thor started flagging Windscribe as 'risky' a couple months ago. I wrote it off, but not so sure now.

I'm untrusting of almost all non-self run VPN's. Next month Gryphon will release their own mobile VPN, except it tunnels back behind your home gryphon and the VPN server is run on the Gryphon itself. (similar to corporate VPNs) While it won't anonymity you it will protect you from snooping and intrusion while out and about because it will appear like you are on your home network.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Reckon Windscribe could be going downhill? Or too many FPs?

Asking as I'm a frequent desktop Windscribe user.

~LDogg
 
  • Like
Reactions: Weebarra
3

37507

Reckon Windscribe could be going downhill? Or too many FPs?

Asking as I'm a frequent desktop Windscribe user.

~LDogg
Definetly not. I recently switched back to Windscribe after purchasing a Static IP and I have not looked back ever since. This article is an awesome read if you're interested.

Also, Windscribe responded to the "dangerous function/behaviors" claim with the following:

The founder of Windscribe provided a swift response, summary as follows:

  • LocationManager;->getLastKnownLocation – “Location access is a runtime permission that’s requested if the user wants to take advantage of the network whitelisting functionality, as it’s required to read Wifi SSID and cellular network APN on newer versions of Android. We don’t use any physical location APIs, as those are pointless for our purposes. This permission is optional and does not need to be granted for the app to work, but network whitelisting will not work.“
  • java/lang/Runtime;->exec is used to run the Stunnel library, which is a separate process that provides openvpn tunnel encapsulation.

Our view is that these are perfectly reasonable uses of these functions. Rather than being used for advertising or as a result of a third-party library, the location function is for an optional feature that allows users to whitelist trusted networks. Highly privacy-conscious users will simply ignore that feature. The runtime function is also perfectly legitimate. Due to its freemium model, Windscribe avoids the typical problems associated with ad-supported apps and is among the best services of its kind.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top