A recent report unveiled by the Commonwealth Scienific and Industrial Research Organization (CSIRO) this week, revealed that your favorite VPN apps might be spying on you.
For this research, CSIRO investigated more than 283 different Android VPN (which stands for Virtual Private Network) apps and complied the findings in An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps.
The results are quite disconcerting. For starters, 18% of investigated apps were found not to be encrypting traffic after all, while 84% were showed to be leaking user traffic and revealing private information.
More than that, 2 out of 3 apps use third-party tracking libraries and 38% hide a malware or malvertising presence. Over 80% request access to sensitive info such as private text message conversations.
The conclusion of the research was that while most of the examined apps offer online anonymity to a degree, some apps are deliberately trying to collect personal info that can be sold to third-parties.
Interestingly enough, the investigation also found that less than 1% of VPN app users had any concerns about privacy when using these apps.
What’s more, 94% of the Ipv6 and DNS leaking apps claim to provide privacy protection in their Google Play Store descriptions, but users’ shouldn’t take their world for it.
So what can you do if you are in need of a VPN app? Professor and Senior Principal Researcher in Online Privacy and Securiy, Dali Kaafar gives us a few tips on the matter.
Kaafar says users should shop around, compare functionality and read lots of app reviews before deciding which app should be installed on their phone. He also advises people to pay more attention to permission requests.
Luckily, the CSIRO notes that before publishing the findings, the Organization got in touch with developers of the targeted apps in order to alert them of vulnerabilities. Some of them actually took steps to fix the issues, while others simply removed the apps from the Play Store.