Ivar

Why you shouldn't trust all VPNs on Google Play Store

There are over 250 apps in the Google Play Store that pop up when you search for VPN, but not all of them are worth downloading. Even more - most of them you should stay far away from, and never install on your device. 
Why? A VPN app is all about security. The main reason you want to use VPN is to hide your online activity from your ISP (Internet Service Provider) and make sure your personal info or your web traffic stats do not fall into the wrong hands. This is why trust and credibility are the most important assets of any VPN provider. You are placing your trust in those apps and want to be sure that your personal data does not get collected, nor does any data get shared with government agencies when asked for.
Conducting the research VPN Selector looked at Google Play store and the first 50 search results for “VPN”. They discovered a worrying number of VPN apps that have either a very vague background, link to a Privacy Policy that does not exist, or have suspicious user ratings.
The first criteria assessed was company information. The location of the company's headquarters is important as it can place the app in a not-so-ideal jurisdiction. If you haven't heard of the Five-Eyes, Nine-Eyes and 14-Eyes alliances (UKUSA Agreement)  then these are intelligence alliances between countries to share data and intelligence. The existence of said treaties was kept under wraps and was only revealed to the public in 2005. A country that is part of any of those alliances might not be the best location to headquarter a VPN company.
  • Five Eyes: Australia, Canada, New Zealand, United Kingdom, United States
  • Nine Eyes: Five Eyes + Denmark, France, the Netherlands, and Norway
  • 14 Eyes: Nine Eyes +  Belgium, Germany, Italy, Spain, and Sweden
Israel, Singapore, and Japan are also collaborating with Five Eyes and reportedly Japan and Germany started collaborating since 2018.
So if the developer behind any of the VPNs is located in one of those intelligence-sharing alliances they might not be the best option if you are into super-shady business. But you might be OK turning the other cheek if the company itself is reputable and you have no plans to engage in illegal activities (which you shouldn’t!).
Out of the 50 Apps we investigated 16 belonged in one of the alliances and 5 collaborate with them. For 8 apps we were unable to track the company or a person behind the app so the location remained unknown.
What was more alarming though was the huge amount of VPN apps for Android that had very questionable developers behind them. Some had no other info but a Gmail address. And the Privacy Policy was too general in its description of data collection and gave no hints of the company behind the app. In some cases, the Privacy Policy link was broken or led to a Google Doc with Chinese text.
For example, Wang VPN that boasts a suspicious average score of 4.9 has no developer info or an English Privacy Policy. The app seems to have been developed in  China, a country that has a very hands-on government when it comes to controlling user info of its citizens.
Unlimited Free VPN Monster and Snap VPN have different companies associated with the apps, but digging a bit deeper you can clearly see they have the same people behind them. Take a look at their websites and see if you can spot the differences. 
The suspicious terms in the Privacy Policy don't exactly paint a pretty picture either.
For Example: 
“We may share information with third-party vendors and service providers that provide services on our behalf, such as helping to provide our Services, for promotional and/or marketing purposes, and to provide you with information relevant to you such as product announcements, software updates, special offers, or other information.” 
A VPN that shares data with third parties makes you question if you want to trust your data with that company.
VPN Russia has this in their Privacy Policy:
“Among the types of Personal Data that VPN Russia by tap2free collects, by itself or through third parties, there are: Cookies, Usage Data, unique device identifiers for advertising (Google Advertiser ID or IDFA, for example) and geographic position.”
What specifically this Usage Data is and why and with whom exactly your Unique Device Identifiers are shared remains unclear.
You would expect that kind of suspect terms from dodgy apps sitting at the bottom of the search results page but this is from the top 50 Apps that mostly have a rating over 4.0.
In fact, 48 out of 50 had an average user score of 4.0 or above, 22 of them had scores of 4.5 or over. 
All of the Apps had install counts over 100,000 and some of the Apps even over 1,000,000. Wang VPN with a record score of 4.9 has 170,478 reviews and over 1 million installs.
How many of those installs and reviews are fake, we can not tell. But considering how easy it is to buy Android app installs and user ratings we can only imagine how artificially bloated the scores are. Digitaltrends has dug into this topic in depth.
In total, we found 21 out of 50 Apps in our scope had problems with their Privacy policy. Either it was completely missing (broken link), it was unreadable (In Chinese), was extremely vague and superficial or had concerning clauses in it.
The good news is that all the “Big Names” in the VPN industry, like ExpressVPN, NordVPN, TunnelBear, HotspotShield etc, had their ducks in a row when it came to Privacy Policy. The only thing that might scare some people off them is the jurisdiction but for the everyday user this can mostly be ignored. For Example, ExpressVPN has its physical address as well as a link to a proper and detailed Privacy policy listed.
One thing we also noticed during the research is that there are plenty of VPN apps that try to masquerade themselves and try to copy the big brand VPN. This is not, of course, unusual but users should pay attention and not install a copycat but make sure they pick the correct app. 
Express VPN for example, has three blatant knockoffs that catch the eye immediately and can be mistaken for the original if not careful.
The data from this research shows that there is a reason to be careful when you pick an App that is supposed to protect your privacy. People in general don't have the time to look into each and every app's background - who the developer is, what's their Privacy Policy, or conduct speed tests before they buy or install the app. The VPN testing and review site VPN Selector has a handy guide “Best VPN for Android 2019” that lists the best Android VPN apps that are safe to use and that have passed speed tests, price comparisons and privacy checks.
A VPN app is supposed to hide and secure your online activities. If you can't fully trust the app or the company behind it, you might want to reconsider your choices and stick to the ones that have a long reputable history and have been tried and tested by verified VPN sites.




Tags

Comments

October 8th, 2019

Great article!
Some countries - especially those ruled by a dictatorship- always try to spy on thier citizens in order to keep them under control.
VPN were developed to help you keep your privacy. Take NordVPN for example, it has no-logs policy and uses a military-grade-encryption, In simple words it makes it impossible for your governor to spy on you. On the other hand a free VPN will record your activities and serve them on a golden platter to the first client.
I recommend you check out this website so you learn more about how VPN search on google play was manipulated and how dangerous free VPNs can be https://vpnpro.com/blog/how-to-manipulate-google-play-rankings-and-get-280-million-installs/

More by Ivar

Topics of interest