Generally speaking, you use a VPN to be more secure or stay anonymous when online (or perhaps for other reasons like getting round content blocking), but according to a new study, some Virtual Private Network apps can actually be harmful rather than helpful on the security front.
BGR spotted this research, although do note that it pertains to Android VPN apps, with some 280 of them being analysed in a paper on privacy and security risks – although doubtless the findings apply to all platforms to some extent.
The study discovered that a very worrying 38% of apps actually contained malware (as defined by VirusTotal), although perhaps we shouldn’t be so surprised, as it’s quite a common tactic to hide malicious payloads in security software (just look at all the fake antivirus programs out there).
The vast majority of that malicious content was adware which comprised 43% of the malware detected, followed by Trojans in second place on 29%, and ‘malvertising’ on 17%.
Also, 75% of the VPNs examined used third-party tracking libraries, and 18% of apps didn’t even bother to use a tunnelling protocol which had encryption (kind of defeating the entire point of the VPN, of course).
Overstepping the mark
The vast majority of the apps – 82% of them – also overstepped in terms of permissions according to the authors of the paper, requesting access to things like text messages (which simply aren’t necessary).
The researchers also analysed traffic across the VPNs, and found that a ‘significant’ number of services sent traffic through other users as opposed to a dedicated VPN server – with obvious security worries there.
In case you’re thinking that the study was scraping the bottom of the barrel when it came to picking out which VPN apps were examined, 37% of them were popular enough to have over 500,000 installs – and a quarter of them had four-star reviews (or better).
Overall then, it’s a worrying picture for Android VPNs, although as luck would have it, last week we picked out our five favourites for Google’s mobile OS, which won’t steer you wrong.