Windows 10 News and info | Forum
May 19, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Malware, User Privacy Failures Found in Top Free VPN Android Apps  (Read 47 times)
javajolt
Administrator
Hero Member
*****
Online Online

Gender: Male
United States United States

Posts: 30026


I Do Windows


WWW Email
« on: January 21, 2019, 11:06:10 PM »
ReplyReply

One in five apps from the top 150 free VPN Android apps in Google's Play Store was flagged as a potential source of malware, while a quarter of them come with user privacy breaking bugs such as DNS leaks which expose user DNS queries to their ISPs.

As found by Simon Migliano, Metric Labs' Head of Research, the company behind the Top10VPN service, these VPN Android applications have already been installed approximately 260 million times according to the numbers reported by Google's official store.

Top10VPN's extensive research has been organized and published in the form of a risk index designed to help Android users understand the exact privacy risks they are exposing themselves when installing a free VPN on their smartphone or tablet.

According to Migliano's analysis and as previously stated, one in five free VPN apps tested (27 applications in total) was flagged as a potential source of malware when tested using VirusTotal, greatly increasing the severity of the risks their users are exposed too.

To make matters even worse, 25% of the apps that were affected by a DNS leak security issue. Moreover:

Quote
This security flaw occurs when a VPN fails to force DNS requests through its encrypted tunnel to its own DNS servers and instead permits the requests to be made directly to the default ISP DNS servers. Even though the rest of their traffic may be concealed, the leak exposes a userís browsing history to their ISP and any third-party DNS server operator that it may use.

The issues found in the top ten free VPN apps (most installs) on the Google Play store:











All Links are Active

Top10VPN 's research also states that it found highly intrusive permissions as well as code functions that expose the app's users to privacy risks in about 85% of all tested free VPN apps.

The research team found the following intrusive permissions and user privacy-breaking code:

Quote
location tracking ( 25% of apps);

access to device status information ( 38% );

in smaller numbers: use of camera and microphone and the ability to secretly send SMS.

over half ( 57% ) featured code to get a userís last known location.

As detailed in the report's methodology section, Migliano's team installed each of the 150 apps on an Android smartphone and tested its VPN connection using ICSI's Netalyzr Internet connection analysis utility.

Using the same VPN connection, the researchers ran various IP tests using the online browserleaks.com platform which were compared against control tests performed on the same device without using any VPN connections (full network test results for all apps available here as a PDF.)

When asked if the user privacy breaking issues would still be present in the paid versions of these free VPN apps, Migliano told BleepingComputer that:

Quote
While we didn't upgrade any apps that offered premium versions and do additional testing, I am confident that the main privacy issues would persist: ie leaks, intrusive permissions and risky code functions. Itís still the same app when you upgrade after all. It's possible that network performance may be better in some instances as paid subscribers gain access to the full range of servers.

Migliano is also behind a previous analysis of the top 20 free VPN Android and iOS apps which led to the conclusion that the vast majority of them have virtually inexistent privacy protection, as well as almost no user support.

This new analysis comes as an addendum designed to pinpoint the user privacy flaws existent in free VPN Android apps and Migliano's findings are not encouraging for Android users who choose not to pay to protect their privacy.

source
Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page March 10, 2019, 04:39:42 AM