Majority of Android VPN Apps Untrustworthy or Malicious

Security researchers including from Straya's own CSIRO have studied 283 VPN apps for Android and found big problems with many of these applications.

Some findings: 84% of them leaked traffic data via IP6, 66% of them leaked DNS data, 75% used third party tracking services and 18% didn't encrypt communications at all. Great stuff.

These applications are hosted by Google's Play service. 38% of them contained malicious code according to Virustotal, a Google owned service. So if you were wondering if Google's terrible attitude to security on Android is changing there's your answer.

Services called out as "malicious or intrusive": EasyOvpn, VPN Free, Tigervpns, DNSet, CM Data Manager, Rocket VPN, Globus VPN, Spotflux VPN and CyberGhost.

Services flagged up as containing malware in the VirusTotal database: OkVpn, EasyVpn, SuperVPN, Betternet, CrossVpn, Archie VPN, HatVPN, sFly Network Booster, One Click VPN, and Fast Secure Payment.

Using home broadband connections (possibly hacked computers) as egress points: Open Gate, VPN Gate, and VyprVPN

Tigervpns, StrongVPN, and HideMyAss raised suspicions after exogenous traffic was spotted from them.

One service they recommended was F-Secure Freedome VPN which unfortunately costs $50 per year so no one will use it.

http://www.theregister.co.uk/2017/01/28/vpn_on_android_means…
https://arstechnica.com/security/2017/01/majority-of-android…