We looked at 283 Android VPN apps and discovered the very reason users install these apps – to protect their data – is the very function they are not performing.
Hooded person holding a red card
Hooded person holding a red card with digital

Virtual Private Networks aren’t as private as the name suggests.

Have you ever been spied on? Or worse, maybe you have and don’t even know it.

Whether it’s the Peeping Tom lurking in the bushes or Big Brother monitoring our every move, the thought of being followed makes us uncomfortable (and a tad paranoid).

Privacy is important to us – both our physical and virtual privacy that is. Our online identities are extremely valuable, however, our ability to control who sees what is limited.

With more personal information being collected than ever before, people are seeking to secure and anonymise their data.

You may have heard of this thing called a VPN – Virtual Private Network? No doubt you won’t need much schooling on what a VPN is if you are: a) a regular torrent user or b) a sports enthusiast trying to watch the latest game behind a region-restricted pay wall.

But now that mobile phones are essentially mobile computers, millions of users worldwide are turning to mobile VPN apps to hide their browsing activity, access region-restricted content and ensure their data is secure when using public Wi-Fi networks.

We recently published a report with the University of New South Wales and the University of Berkeley has revealed that these apps are not as secure as they make out to be.

The first analysis of its kind, the report looked at 283 Android VPN apps, investigating a wide range of security and privacy features.VPN facts from the study

Alarmingly, the report uncovered that not only did 18 per cent of the apps fail to encrypt users’ traffic but 38 per cent injected malware or malvertising – software designed to damage or gain access to the users’ information. The very reason users install these apps – to protect their data – is the very function they are not performing and these apps have been installed by tens of millions of users.

And what’s more, the report found that over 80 per cent of apps requested to access sensitive data such as user accounts and text messages.

While most of the examined apps offer (some form of) online anonymity, some app developers deliberately sought to collect personal user information that could then be sold on to external partners.

Ironically, the report found that less than 1 percent of users had any security or privacy concerns about these apps.

Our Professor and Senior Principal Researcher in Online Privacy and Security, Dali Kaafar explained that the findings of the study were shared with developers whose apps displayed security shortcomings.

“Several of them [app developers] took actions to fix the identified vulnerabilities.  Some apps were even removed from the Google Play Store,” said Mr Kaafar.

Mr Kaafar encourages users to shop around, compare functionality and read app reviews before signing up to a particular VPN app to avoid falling for the illusion of privacy that some of these apps offer.

“Always pay attention to the permissions requested by apps that you download. This study shows that VPN app users, in particular, should take the time to learn about how serious the issues with these apps are and the significant risks they are taking using these services.”

Read the full report here.



  1. Pingback: VPNs 101: What’s a VPN, Do You Need One, and How to Get Started | iPhone 8

  2. Pingback: VPNs 101: What’s a VPN, Do You Want One, Unfastened vs Paid VPNs, and The right way to Get Began – Tech Rumors

  3. If you feel the site is using your VPN, all you have to do all you have to do is find the program key, write a match program 2 lines , that then reprograms the key.
    If they persist, …your turn. To fiqure it out.

  4. Why haven’t you revealed the good apps?

    1. If they reveal the apps that they found as good, then it could lead people to accusing them of being “bought out” by the developers of said app, and then if there does happen to be a security flaw or something of a similar nature with the app, people who learnt of the app from this might go after CSIRO.

  5. Pingback: Android VPN apps failing to offer the security functions they advertise, study finds – Media News

What do you think?

We love hearing from you, but we have a few guidelines.