Wednesday, May 7, 2025

Free Android VPNs Suffering Encryption Failures, New Report


VPN apps for Android improve privacy and security on the internet by encrypting connection data, making it impossible for hackers or other parties to access the communication.

They also help unblock region-restricted content by hiding the IP address, support anonymity on the internet, and protect sensitive information, especially on insecure Wi-Fi.

Cybersecurity researcher Simon Migliano at Top10VPN recently discovered that free Android VPNs are suffering encryption failures.


Free VPNs Encryption Failures

Prompted by the growing trend of government-imposed internet restrictions worldwide and the resulting demand for virtual private networks (VPNs), this study examines the privacy and security issues of free VPN applications.


Since 2018, the total installations of the 100 most popular free Android VPNs have skyrocketed from 260 million to over 2.5 billion.

This in-depth research evaluated the privacy and security risks associated with the top 100 free Android VPN apps, which have garnered over 2.5 billion total installations due to increasing global demand.

By testing each app on separate devices, using various tools within an isolated environment, the study identified shocking flaws in encryption, data leakage, and privacy-infringing functions in the code of these apps.

Most importantly, it found that most of them openly shared personal user information directly with firms such as “Yandex” and “Bytedance,” which contradicts the confidentiality a VPN is supposed to provide, even when the service is offered free of charge.

For those who cannot afford to pay for VPNs, it is possible to find good, free ones by doing extensive research. However, affordable paid options are more reliable.

The tests revealed worrying encryption flaws and data leakage among all 100 free VPN applications.

Eleven apps experienced full-scale breakdowns in the encryption process, slightly over a third deployed an inadequate form of encryption, and few used the best hashing algorithms or TLS 1.3.

In total, 88 apps leaked information, including 83 that disclosed DNS requests and 79 that did not tunnel all traffic. Over half of these applications suffered from connection instability.

These extensive privacy and security vulnerabilities were uncovered through Wireshark traffic analysis within a unique test environment.

The names of those 11 VPNs are listed below:

  • HTTP Injector
  • Phone Guardian VPN
  • VPN Private
  • iTop VPN
  • PotatoVPN
  • Swift VPN
  • Tenta Private VPN Browser
  • Maple VPN
  • GoFly VPN
  • AVG Secure Browser
  • VPN Satoshi

Eleven apps were found to have no encryption at all, exposing users' browsing activity.

These data leaks were widespread: 83 apps leaked DNS requests and only 79 could tunnel all traffic.

In addition, 96 of the investigated apps contained code with potential privacy impacts, and some had first-party location tracking together with the corresponding permissions.

More worrying were 12 apps that included third-party precise location-tracking code and permissions; some even track in the background.
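The two leak types counted above (DNS requests sent outside the tunnel, and traffic that bypasses the tunnel) can be triaged from a capture taken on the device's physical interface while the VPN is connected. The following is an added example, not the study's own tooling; the VPN endpoint address, the sample packets and all function names are assumptions.

```python
import socket
import struct

VPN_SERVER = "203.0.113.10"  # assumption: tunnel endpoint (documentation address range)

def build_udp(dst_ip, dport, payload, src_ip="192.168.1.50", sport=40000):
    """Build a minimal IPv4+UDP packet (checksums left at 0) for the constructed sample."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp

def dns_query(name):
    """Encode a one-question DNS query (type A, class IN) for the sample capture."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def qname(dns):
    """Read the first question name from a DNS query (queries carry no compression)."""
    pos, parts = 12, []
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        parts.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(parts)

def classify(pkt, vpn_server=VPN_SERVER):
    """Classify one IPv4 packet seen on the physical interface while the VPN is up."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    proto, dst = pkt[9], socket.inet_ntoa(pkt[16:20])
    if dst == vpn_server:
        return ("tunneled", dst)                   # only tunnel packets should appear here
    if proto == 17:                                # UDP; DNS over TCP is not handled here
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        if dport == 53:
            return ("dns_leak", qname(pkt[ihl + 8:]))  # plaintext lookup outside the tunnel
    return ("untunneled", dst)                     # any other traffic bypassing the tunnel

# Constructed capture from the Wi-Fi interface with the VPN connected.
CAPTURE = [
    build_udp(VPN_SERVER, 1194, b"\x00" * 32),               # traffic to the VPN endpoint
    build_udp("192.168.1.1", 53, dns_query("example.com")),  # DNS sent to the local resolver
    build_udp("198.51.100.7", 443, b"\x00" * 16),            # direct connection to a third party
]

def summarize(capture):
    return [classify(p) for p in capture]

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

A clean result contains only `tunneled` entries; each `dns_leak` entry names the hostname that was exposed in plaintext.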

The main contributors to the major privacy concerns were SDKs such as ByteDance, Yandex, and Facebook embedded in popular apps.

In total, during this test period, 71 applications shared personal information while their VPN was still running.


Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
