CSIRO says many Android VPN apps are not secure

Posted by Alex Morrison January 27, 2017

Despite often being presented as being designed to increase a user’s security and privacy, many Android VPN-based apps may actually be doing the opposite.

According to a CSIRO study of 283 Android VPN apps listed on the Google Play store, while 67% of the identified apps offer services putatively to enhance online privacy and security, 75% use third-party tracking libraries and 82% request access to sensitive data such as user contacts and text messages.

The report also found that over 38% of the apps contain some form of malware.

Moreover, 16% of the analysed apps appear to forward traffic through other participating users’ devices in a peer-forwarding manner — raising a host of trust, security and privacy concerns — and 18% implement tunnelling protocols that lack encryption.

Two of the VPN apps were found to be actively injecting JavaScript code on users’ traffic for advertising and tracking purposes, while four compromise users’ route store and actively perform TLS interception in transit. Three of these selectively intercept traffic specific to online services including social networks, banking, e-commerce sites, email and IM services.

Disclaimer: The opinions expressed by our writers are their own and do not represent the views of Scommerce. The information provided on Scommerce is intended for informational purposes only. Scommerce is not liable for any financial losses incurred. Conduct your own research by contacting financial experts before making any investment decisions.

scommerce

Welcome! Get free access to EVERYTHING we publish…

Whether you are an investor, tech enthusiast, or entrepreneur we have something for you. You'll get our FREE weekly newsletter with latest news and information along with special offers. Please take time to read our privacy policy. The information you provide us will be processed in accordance with this.