Unsafe VPN apps on Android risking your private data, experts warn

Applications often conceal malicious code in the Android system, which can be used, among other things, to steal private data. The latest report from Top10VPN indicates that many infected apps are VPNs that are not adequately secured and can allow uncontrolled access to user data.

These details are provided by PCMag. The report reveals that out of the top 100 most popular VPN clients on Android worldwide, over 10% cannot correctly encrypt transmitted data, more than half malfunction and 80% do not use the most secure encryption algorithms.

Some of them also contain code from ByteDance, known for its ties to TikTok, which is unnecessary for VPN functionality, raising suspicions among security experts.

According to Top10VPN data, some Android VPN applications are known for leaking IP addresses or DNS data, others have issues with correctly encrypting data, and others offer unwarranted access to Android system features, creating the potential for theft of users' private data.

Due to the granted permissions, some applications can, for example, read information from the address book and device location based on GPS data, browse the list of installed applications, obtain complete information about the SIM card and operator, and even read the unique device identifier used by Google to display targeted ads.

Among the programs identified as dangerous are Tomato VPN, Phone Guardian VPN, Ultimate VPN, Turbo VPN, Power VPN, VPN Monster, uVPN, VPN Proxy Master—Safer VPN, VPN Pro—Fast & Secure VPN, and Signal Secure VPN—Robot VPN. It is better to remove these applications and choose more well-known, secure solutions instead of continuing to use them.