Malicious Android VPNs could put your personal data at risk

Android applications often contain malicious code that allows for the theft of private data. According to fresh data in the Top10VPN report, many infected Android applications are faulty VPNs that allow unauthorized access and data theft.

PCMag highlights details. According to the report, out of the 100 most popular VPN clients on Android worldwide, over 10 percent cannot properly encrypt transmitted data, more than half operate unstably, and 80 percent do not use the most secure encryption algorithms. Some also contain code from the company ByteDance (the developer behind TikTok), which is unnecessary for VPN operation. This raises suspicions among security researchers.

According to Top10VPN data, some Android VPN applications are known for IP address or DNS data leaks, while others have issues with proper data encryption. Additionally, certain apps contain unnecessary capabilities and access to Android functions, which open avenues for stealing users' private data.

Thanks to the granted permissions, some applications can, among other things, read information from the address book, access device location based on GPS data, read the list of installed applications, download all information about the SIM card and operator, and even read the unique device identifier used by Google for displaying targeted ads.

Among the programs listed as dangerous are the following: Tomato VPN, Phone Guardian VPN, Ultimate VPN, Turbo VPN, Power VPN, VPN Monster, uVPN, VPN Proxy Master - Safer VPN, VPN Pro - Fast & Secure VPN, and Signal Secure VPN - Robot VPN. Rather than continuing to use them, removing them and opt for more well-known, secure solutions is better.