When you download an app, you give it access to your smartphone and its data. Only last week Meitu’s selfie app was criticised for sharing users’ location information with China.
One way to ensure your data is safe is to use a VPN – virtual private network app – to encrypt the information being shared online. However, some of these apps are not as secure as they appear with around 38 per cent of Android VPN apps found to contain malware.
The top Android security apps to keep your phone and tablet safe
Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO) alongside researchers from the University of South Wales and UC Berkley, studied 234 VPN apps on the Google Play Store. Of the apps analysed, more than a third were found to be tracking users through malvertising or malware. In addition, 18 per cent of the apps studied didn’t encrypt internet traffic and eight in 10 requested access to sensitive data, including user accounts and text messages.
“The very reason users install these apps – to protect their data – is the very function they are not performing and these apps have been used by tens of millions of users,” said CISRO in a blog post.
When investigating the VPNs, the researchers downloaded tools that allowed them to reverse-engineer the Android application package (APK) used in each app. They then analysed the source code and Android Manifest file, which identifies information about the app, such as the access permissions needed to use it.
The apps were then given an anti-virus (AV) ranking based on the findings. Of the top 10 worst VPN apps, 43 per cent contained adware, 17 per cent contained malvertising, six per cent contained riskware and five per cent contained spyware.
The worst VPN apps, according to CISRO
- Archie VPN
- sFly Network Booster
- One Click VPN
- Fast Secure Payment
Of these apps, OkVpn, EasyVPN and sFly Network Booster were no longer listed on the Google Play store as of August 2016.
As well as analysing the security of the VPNs, the team investigated Android users’ perceptions of the VPN apps by analysing public user reviews available on the Google Play Store. It was found that only a marginal number, around one per cent, of VPN users had publicly raised any security and privacy concerns in the app reviews.
“In spite of the promise of privacy, security and anonymity given by the majority of VPN apps – millions of users may be unawarely [sic] subject to poor security guarantees and abusive practices inflicted by VPN apps,” said the study.
Dali Kaafar, professor and senior principal researcher at CISRO, advised Android owners to shop around when looking for VPNs by comparing functionality and reading app reviews before signing up to a particular one.
“Always pay attention to the permissions requested by apps that you download. This study shows that VPN app users, in particular, should take the time to learn about how serious the issues with these apps are and the significant risks they are taking using these services,” he said.