A worrying number of VPN apps for Android mobile devices are rife with malware, spying, and code injection, say researchers.
A study from the University of New South Wales in Australia and the University of California at Berkeley found that Android apps advertising themselves as VPN clients often contain poor security protections, and in some cases engage in outright malicious activities.
“Many apps may legitimately use the VPN permission to offer (some form of) online anonymity or to enable access to censored content,” the researchers write. “However, malicious app developers may abuse it to harvest users’ personal information.”
That sort of malicious activity is shockingly common, the researchers found. They studied the activity of 283 VPN apps on the Google Play store and catalogued the various risky and malicious activities they found.
“Our results show that – in spite of the promises for privacy, security and anonymity given by the majority of VPN apps – millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps,” the researchers noted.
The study concluded that, in addition to users being wary in their choice of VPN apps and keeping a close eye on permissions, Google should look to help remedy the situation by setting stricter limits on what VPN apps are able to do in Android.
Submitted by: Arnfried Walbrecht