New report slates Apple and Google for allowing unsafe free VPN apps posing privacy risk

Apple and Google ignored written notice of free VPN apps that continue to pose privacy risks. Chinese VPNs part of problem. Information Age speaks to report’s author.

According to a new report from VPN review site Top10VPN.com, Apple and Google are risking the privacy of hundreds of millions of users of their app stores by ignoring mounting evidence that the free VPN (virtual private network) category of apps needs a complete overhaul.

The report’s author, Simon Migliano, Head of Research at Top10VPN.com, said, “Apple and Google ignored my request so I have published my findings in a comprehensive new report. Since the publication, Apple have now agreed to look at the report but have yet to take any action.”

The report found that:

  • 75% of VPN apps flagged as potentially unsafe in a previous study were still at risk 6 months later,
  • and that they are surging in popularity. The risky apps from the Risk Index alone have doubled their total downloads in the last 6 months to 518 million installs.

Information Age spoke to Simon Migliano.

Information Age: Why does this matter?

Simon Migliano: “Free VPN usage is surging around the world in response to increasing internet censorship in countries with authoritarian governments and the erosion of privacy everywhere due to the lucrative data economy, combined with encroaching state surveillance.

“A huge number of people are affected by these privacy and security issues. The total downloads of the free VPN Android apps I flagged as potentially unsafe have doubled in just six months to over half a billion installs.

“This is also made much more serious due to the sensitive nature of the affected apps. A VPN user’s entire internet activity is exposed to the service operator so there absolutely needs to be proper protective measures in place to mitigate that risk.”

Information Age: What are the implications?

Simon Migliano: The implications of my findings are wide-ranging.

It’s become clear that there are many companies operating VPN services who are not fit to do so. They lack the professionalism required to deliver such a service in a safe and secure manner, more focused on ways to monetise their users’ data by stuffing their apps with ad tech than on privacy.

Indeed this report exposes the inherent incompatibility of the ad-supported free app model with VPN services.

A full quarter of the flagged Android apps don’t even work properly! The developers lack the skills and experience to create VPNs that don’t leak DNS and WebRTC data that expose users’ identities.

There’s also the issue of China’s quiet infiltration of this market. It’s extremely unlikely that these highly visible apps with millions of users are operating without the Chinese government’s knowledge or tacit approval.

Given China’s strict VPN ban and general hostility to internet freedom and privacy, the question then is why they permit these VPN services to continue operating?

As more instances of Chinese foreign intelligence gathering targeting consumer communications come to light, it adds weight to the suspicion that the Chinese government sees these services as sources of valuable information on their rivals’ internet habits.

It’s also abundantly clear that Google and Apple are not providing appropriate oversight of this category in their app stores. It’s shocking that such obviously poor quality apps and services are permitted to remain available for download.

Information Age: What can the companies concerned do about this?

Simon Migliano: The free VPN operators need to look to the paid and freemium VPN market and adopt their practices in terms of detailed privacy policies and third-party audits. They need to be transparent about logging and data retention and what measures are in place to prevent data abuses.

They also need to be more transparent about where the companies are based and who runs them. There is a complete black hole at the moment when it comes to background information on just who runs these apps and why we should trust them.

Information Age: Is this an opportunity for other companies to grab market share?

Simon Migliano: This is really the only model that works. Ideally, more companies offering paid services would also offer a generous free version in the hope that a proportion of their free users upgrade. At the moment, there’s only two services like this that I would feel comfortable using myself.

Conversely, the free VPN providers could also offer a paid service to lessen their reliance on ad revenue.

There’s certainly a big opportunity for genuine players to double down on transparency in terms of who they are and how they make money.

Information Age: Apple has made a big thing about its approach to privacy, it has become one of its USPs. Does this report suggest that the Apple halo is not so bright after all?

Simon Migliano: It’s baffling that Apple has handled this so poorly. They are only now just starting to look at this after nine months of me banging this drum with the support of the media around the world. They have stuck their head in the sand and hoped the problem would go away.

It’s clear that they know there’s an issue as they updated their developer guidelines in June to specifically ban VPNs from sharing data with third parties but they failed to follow through and ban offending apps.

There’s a real opportunity for them to show leadership here and set the benchmark for the growing VPN industry and become the de facto regulator. I really hope they come to understand and embrace this.

In the meantime, they are letting everybody down — especially those vulnerable users who rely on free VPNs to access the internet and avoid persecution.