Privacy Central recently tested the 150 most popular Android free VPN apps in the Google Play store, which were installed 260 million times. Although these VPNs are very popular, the test results from Privacy Central are not optimistic. Privacy Central tested issues such as encryption technology, browser vulnerabilities, and downloading malware. Worryingly, more than a quarter of VPN applications leak Domain Name System (DNS) information. Four applications leaked WebRTC (Browser Real-Time Communication Protocol) data; two leaked DNS, Internet Protocol addresses, and WebRTC data.
Privacy Central also scanned these applications on Google’s VirusTotal website. Of the 150 applications, 27 detected malware positives on VirusTotal, and several of them installed millions of times.
- 63% of all apps featured functions with the potential for privacy abuses not expected from a VPN app (95 apps)
- 87 of these apps displayed the LocationManager;-getLastKnownLocation behavior, who function is to get the last known location of the device. However, 56 of them did not request the corresponding permission.