Risky free VPNs still available in Apple App Store & Google Play despite warnings

Posted in iOS, edited August 14
Apple and Google are still allowing a number of potentially unsafe free VPN apps to be downloaded from their respective app stores, despite warnings that many of the apps pose a privacy risk to consumers, primarily because of the apps' questionable ownership by Chinese organizations.

An investigation at the end of 2018 into a large number of free VPN applications offered on Apple's App Store for iOS as well as Google Play revealed over half of the most popular versions available to download were secretly owned by Chinese companies, or were based in China. Given China's censorious nature, as well as major control over how its citizens access the Internet, it was considered to be a risk to use the free VPNs in question.

At the time, it was also determined the majority of the apps examined had few formal privacy protections, and practically didn't offer user support at all. Apple and Google were both taken to task for allowing the apps into the digital storefronts, despite the inherent risks, but evidently the investigation wasn't enough.

In an August update to the investigation, privacy and security researcher Simon Migliano of Top10VPN.com revealed that the advice from his widely-reported earlier investigations was ignored by both Apple and Google, with neither acknowledging the problem existed.

Both firms were advised 77% of the apps flagged as potentially unsafe in the earlier investigation still posed a risk, while a further 90% from another investigation into free VPNs on Android that were similarly flagged are also still a risk. Migliano also provided detailed lists of the potentially unsafe apps, links to app listings in stores, relevant research for each, and recommendations on how to improve the situation, but it is claimed neither Apple nor Google made any changes.

The apps are also becoming a far bigger problem, with approximately 3.8 million installations of the risky apps on iOS each month. It is suggested that, while the figure remains steady from the time of the first investigation, the 20% reduction in apps since the start of the year due to no longer being available means the number of downloads for still-available apps is increasing on a per-app average.

On Google Play, the downloads have increased in number, with 214 million installations in six months representing an increase of 85%.

While China does not allow VPNs to be used in the country, with Apple taking down apps as part of a government crackdown in 2017, Migliano reasons the development of VPN apps for use by citizens in other countries gives China "potential access to the massive amounts of browsing data flowing through VPN networks," and in turn "huge amounts of foreign intelligence."

The ability to monitor the online activities of its citizens, as well as those of other countries via VPN app traffic, gives the Chinese government the opportunity to perform surveillance unencumbered, and with little need to actively hack organizations.

In June, it was revealed an operation from the Chinese government-backed group APT 10 allegedly gained high-level access to at least ten global telecoms carriers, allowing it to track spies, law enforcement, military personnel, and dissidents linked to China.

The report also notes 80% of the top free VPNs in the App Store are breaching Apple's data sharing ban, a rule change from June that prohibited VPN apps from sharing data with third-party services. Flouting the ban can allow apps to gather more data than Apple has deemed necessary to collect, and to ferry it back to an unknown third party, which could easily be a government-controlled entity.

"Just as the harsh glare of suspicion is falling on Huawei's ties with the Chinese state, similar scrutiny should be applied to VPN services," Migliano insists. "It's unacceptable that Google and Apple are keeping their heads buried in the sand rather than weeding out any VPN operators that don't meet strict standards for integrity."

Comments

  • Reply 1 of 13
    Hope Hotspot Shield is not a mainland China’s because that’s what I’m using (and enjoying). 
    edited August 13
  • Reply 2 of 13
    Soli Posts: 9,177 member
    matrix077 said:
    Hope Hotspot Shield is not a mainland China’s because that’s what I’m using (and enjoying). 
    You may want to read the Critical Reception section, then follow to other links, and possibly subscribe to a paid service without any of these questionable, black marks.
  • Reply 3 of 13
    Soli said:
    matrix077 said:
    Hope Hotspot Shield is not a mainland China’s because that’s what I’m using (and enjoying). 
    You may want to read the Critical Reception section, then follow to other links, and possibly subscribe to a paid service without any of these questionable, black marks.

    Yeah, I’m on a paid subscription since day one. Had used it free in my Windows days and found it awful. Surprisingly, using it on Mac and iOS with a paid subscription is pretty great and easy.
    edited August 13
  • Reply 4 of 13
    How about listing all these questionable apps by name so users know which ones to avoid? I'm fine, using NordVPN, but my friends and family would benefit from such a list.
  • Reply 5 of 13
    Mike Wuerthele Posts: 4,756 administrator
    TrueNorth said:
    How about listing all these questionable apps by name so users know which ones to avoid? I'm fine, using NordVPN, but my friends and family would benefit from such a list.
    The source article is linked in the piece.
  • Reply 6 of 13
    GeorgeBMac Posts: 4,946 member
    Yawn.... Another China paranoia piece. It was Russia who attacked us. It is Russia who IS attacking us. But we are told to "look over there..."
  • Reply 7 of 13
    Yet more indications that Apple is really in bed with the Chinese government, being forced to ban certain apps and allow others, or their business in China will suddenly become illegal...
  • Reply 8 of 13
    chasm Posts: 1,642 member
    People who use a "free" VPN will get exactly what they deserve. Hint: it's not secrecy, privacy, or security.
  • Reply 9 of 13
    analogjack Posts: 1,069 member
    You can make anything foolproof, but you cannot make it idiot proof.
  • Reply 10 of 13
    gatorguy Posts: 20,894 member
    "Free cheese can be only in a mousetrap." I have learned my lesson, so I will never use a free VPN... I use NordVPN and I will never change it to any other provider, but the list of risky providers must be done, as people tend to download free stuff without thinking about the consequences. 
    FWIW there is an "oddity" being noted in the NordVPN and its daily calls to three domains. It may all be perfectly legit but security experts found it strange behaviour for a VPN, and there's been no change on Nord's side even tho they had said they would remove that in the latest update and did not. 
    https://www.niem.es/2019/03/f5d599a39d02caef1984e95fdc606f838893ffc5-xyz.html
    https://www.niem.es/2019/04/update-f5d599a39d02caef1984e95fdc606f838893ffc5-xyz.html

    As I said probably some legit part of the NordVPN but just be aware that there are some hanging questions about why the odd behavior.
  • Reply 11 of 13
    Why not just use Cloudflare's 1.1.1.1 app, which includes a free VPN?
  • Reply 12 of 13
    Soli Posts: 9,177 member
    Why not just use Cloudflare's 1.1.1.1 app, which includes a free VPN?
    You could use that new feature with Cloudflare's DNS app, but there are still reasons why one would want a VPN with additional options. Even Cloudflare details where there is no best VPN for all users.
  • Reply 13 of 13
    hryde Posts: 3 member
    Am I the only one who first parsed the headline as "Risk Free VPNs..."?
    edited August 15