VPNs are one of the most popular apps available to smartphone users. However, as per a recent report, several free iPhone VPN apps are unsafe to use and present privacy risks.
An investigation last year into the free VPN apps on the App Store and Play Store found that more than half of the popular apps were in some way connected to Chinese companies. Based on how China controls the online life of its citizens, these apps were considered risky.
Further, the investigation at the time also revealed that most of these VPN apps feature few formal privacy protections, and did not offer user support. Questions were also raised over the app approval process followed by Google and Apple.
Now, in an August update to the investigation, Simon Migliano of Top10VPN.com (a privacy and security researcher) found that recommendations of earlier investigations have been ignored by both Apple and Google. Migliano, in his research, studied the top 30 apps on both the app stores, including their policies, professionalism and ownership.
In its August update, the security researcher claims that about 60% of the popular VPN apps are owned by Chinese companies (despite a strict VPN ban in the country). Further, the researcher found that about 77% of these VPN apps suffer from “serious privacy flaws,” such as no detailed logging policy.
Moreover, the researcher claims that Apple does not apply its third-party data-sharing ban against VPN apps. Also, Migliano notes that 80% of the top free iPhone VPN apps are “in breach of the rules” and many share data with third parties.
The security researcher provided detailed research on the unsafe apps, such as the list of potentially unsafe apps, app listings links in the app store, suggestions to improve and more, to the tech giants. Migliano, however, claims that both Apple and Google have not made any changes.
On the other hand, the potential risk from these apps is increasing. These free iPhone VPNs apps garner about 3.8 million installations per month. This download figure is similar to what it was during the first investigation. However, considering 20% of these apps are no longer available, it means the number of downloads of the already existing apps is increasing. On Google’s Play Store downloads have increased by about 85% with 214 million installations in six months.
Talking of the response from the two companies, Migliano says though Apple is looking into the claims, it is yet to take any action. A point to note is that a couple of months back, Apple acknowledged that VPN apps need stricter regulations than other categories of apps. Also, Apple has banned the apps from sharing data with third parties, but is yet to enforce this policy to all third-party apps.
Google, on the other hand, is yet to respond to Miglianos’ claims.
One might say that Migliano’s research could be biased considering he works for a company named Top10VPN, which evaluates VPN services. Migliano, however, says that his research is neutral as he is not involved in the commercial aspect of his company. Even if Migliano is biased, his claims still need to be challenged. Hopefully, Apple will come out with its findings soon.
Top10VPN suggests using ExpressVPN, NordVPN and IPVanish VPN. Migliano, on the other hand, recommends TunnelBear and Windscribe as they work on the freemium model, and thus, don’t run invasive ad trackers and “have revenue to fund a safe network.”
Top10VPN.com has updated its list of 150 most-downloaded free VPN apps in the Play Store. About 74% of these apps still pose a risk to anyone using them, 54% of the apps have intrusive permissions, 21% of the apps are tested positive for viruses or malware and 53% have potentially unsafe hidden functions in their code, the researcher say.
Talking of the benefits that these apps bring to China, Migliano says that the use of VPNs by users in other countries may give China access to all the data flowing through VPN networks, and in turn “huge amounts of foreign intelligence.”
“Just as the harsh glare of suspicion is falling on Huawei’s ties with the Chinese state, similar scrutiny should be applied to VPN services,” he says.
A couple of months back, it was revealed that an operation from APT 10, a group backed by the Chinese government, allegedly gained access to at least ten global telecom carriers. Such access potentially allows it to track military personnel, dissidents linked to China, spies and law enforcement.
One point that the security researcher applauds about the apps is that each app successfully created an encrypted VPN connection. “We were pleased, if pleasantly surprised, to find that 100% of the connections created by the apps in the Risk Index were encrypted,” the researcher said.