It is very common for a user to download and install VPN app from Google Play store to hide their digital identity and digital data. Alarmingly, the recent research revealed that many of the Android VPN apps available on Play are malicious in nature and are not as secure as they appear to be. These malicious Android VPN apps are not dedicated to hiding user’s identity and data instead to spy on the user.
The research has been done by a team of researchers from Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO), University of South Wales and UC Berkley. The team studied 234 Android VPN apps on the Google Play Store out of that, around 38 per cent of Android VPN apps found to contain malware.
The report claims that more than a third of the 238 analyzed apps were found to be tracking users through malvertising or malware. In addition, 18 percent of the apps didn’t perform its very function of encryption- the apps sent user traffic to the internet without encryption- the goal for which user installs these VPN apps.
The research asserted in the report that over 80 per cent of apps requested to access sensitive data such as user accounts and text messages.
The researchers in its report also listed 10 worst Android VPN apps on Google Play Store leveraging the automated malware detection process of Virus Total API. Alarmingly, many of the Android VPN apps were detected as malware by more than 10 Anti-Virus Engines.
For information, VirusTotal is an online solution which aggregates the scanning capabilities provided by more than 100 AV tools, scanning engines, and dataset.
When you download an app and install, you give it access to your smartphone and its data as well. Only last week Meitu’s selfie app was identified sharing users’ location information with China.
Dali Kaafar, professor and senior principal researcher at CISRO, advised Android owners to stop and read the user review before signing up for a particular VPN app. “Always pay attention to the permissions requested by apps that you download,” he added.