Tested: 150 free VPN apps with over 260M installs from Google Play store

free VPN apps with over from Google Play store 25% fail to protect user privacy due to DNS and other leaks

fail to protect user privacy due to DNS and other leaks 85% feature excessive permissions or functions with potential for privacy abuses

feature excessive permissions or functions with potential for privacy abuses Long list of other security flaws and performance issues

Introduction

Note: this report is being constantly updated as we receive and assess responses from developers of apps listed in the Risk Index

The purpose of the Risk Index is to help consumers avoid inadvertently using flawed apps that compromise their privacy and security. It focuses on the technical performance of Android VPN apps available on Google Play. For background on Virtual Private Networks, see our What is a VPN? guide. It is a companion piece to our free VPN app investigation that explored the background of the often secretive companies operating the most popular of these apps.

To create the Risk Index, we tested the top 150 free VPN apps by total installs. [Note that whenever we refer to “free” in this report we mean ‘gratis’ or provided without charge. These apps are not “free” software as in the sense of “freedom”, such as open source software.] We tested for effective encryption, browser leaks, viruses and malware, dangerous app functions and behaviors, along with comprehensive network tests. We also analyzed excessive app permissions.

While many of our Risk Index findings are straightforward in what they reveal about a particular app, such as the presence of DNS leaks or network anomalies, the analysis of permissions and risky functions needs to be placed in proper context as it provides us with illuminating insight into the category of free apps as a whole.

The mere presence of some of these intrusive permissions or risky functions is not necessarily malicious but neither does that mean they are typically benign.

Some can be required to enable the aggressive advertising keeping these apps “free” for example. What’s even more disturbing however is when location-based permissions and functionality are used to geo-target ads to users with an active VPN connection – which is not a practice with which many consumers would be comfortable.

The presence of these permissions and risky functions is also often a sign of quick and dirty development and lack of focus on user privacy that results in apps that just don’t do enough to earn user trust.

It’s standard practice for developers to use third-party libraries for common functionality, however the problem arises if no-one thinks to check for excessive, intrusive permissions and functions bundled with them or just don’t care enough to spend time removing them. While perhaps understandable in a free app, how is the average consumer to know whether the developer is malicious or just lazy?

Some of the risky functions we identified may also be “dormant”, left in the code even as corresponding permissions were removed, rendering them unable to successfully execute – unless of course said permissions were to be reinstated with an app update.

Then there’s the in-built protection offered by recent versions of Android where upon install, an app’s permissions are set to “denied” as default until the app requests they be granted. This doesn’t take into account less experienced users who tap OK without fully understanding what they are doing.

Our view is that – even putting more malicious scenarios aside – this state of affairs is nowhere near good enough and that consumers trying to protect their privacy deserve better. Nor does it have to be this way, none of these risky permissions or functions are to be found in the leading paid-for VPN apps, which closes the door to any potential privacy abuses.

Consumers determined to use a free service should absolutely do their research outside of the Play store and look at independent free VPN recommendations.

Summary Findings

Leaks

25% of apps tested positive for DNS leaks (38 apps)

of apps tested positive for DNS leaks (38 apps) 4 apps also tested positive for WebRTC leaks

apps also tested positive for WebRTC leaks 2 apps suffered the full sweep of leaks (DNS, WebRTC and IP address)

Jump to Extended findings on Leaks | Testing Methodology | VPN Risk Index

Permissions

67% of apps have intrusive permissions (100 apps). Each of these permissions is categorized as “dangerous” in the official Android developer documentation

of apps have intrusive permissions (100 apps). Each of these permissions is categorized as “dangerous” in the official Android developer documentation 25% of apps may ask users to grant permission to track their location (38 apps)

of apps may ask users to grant permission to track their location (38 apps) 39% of apps may ask users to grant permission to access personal information about their device (59 apps)

of apps may ask users to grant permission to access personal information about their device (59 apps) Other intrusive permissions included use of the camera or recording via the microphone without a user’s knowledge, accessing contacts and even secretly sending SMS

Jump to Extended findings on permissions | Testing Methodology | VPN Risk Index

Risky Functions

Identification of risky functions in the source code of tested apps was dependent on the availability of scan data from the Tencent Habo Malware Analysis System. Where no data was available, the result was recorded as “Not detected”. Therefore the number of apps displaying such behavior should be considered to be at the lower bound.

63% of all apps featured functions with the potential for privacy abuses not expected from a VPN app (95 apps)

of all apps featured functions with the potential for privacy abuses not expected from a VPN app (95 apps) 87 of these apps displayed the LocationManager;-getLastKnownLocation behavior, who function is to get the last known location of the device. However, 56 of them did not request the corresponding permission.

Jump to Extended findings on functions | Testing Methodology | VPN Risk Index

Virus & Malware Scans

All app binaries were uploaded to VirusTotal, which performs scans using over 60 utilities. The resulting reports are publicly available.

18% of all apps returned positive matches when scanned for potential viruses or malware (27 apps)

Jump to Testing Methodology | VPN Risk Index

Network Tests

Network tests were completed on 103 apps. Of the remaining 47 apps, 36 appeared to be blocking testing traffic while nine failed to create a functioning network to test.

38% of tested apps displayed at least one “major abnormality” in their network testing results (39 of 103 apps), which largely centred around red-flag DNS behavior 14% of apps used DNS servers included on significant blacklists, which can prevent users accessing sites while connected to that VPN.

of tested apps displayed at least one “major abnormality” in their network testing results (39 of 103 apps), which largely centred around red-flag DNS behavior 95% of tested apps displayed at least one “minor aberration” in their network testing results (98 of 103 apps) 50% had at least four “minor aberrations” 22% had at least six “minor aberrations”

of tested apps displayed at least one “minor aberration” in their network testing results (98 of 103 apps) 62% of tested apps had TCP blocked on at least one port (64 of 103 apps). While typically temporary rather than permanent blocks, the end result is an unreliable internet experience with browsers displaying errors before eventually loading pages, email clients failing to immediately download messages etc

of tested apps had TCP blocked on at least one port (64 of 103 apps). While typically temporary rather than permanent blocks, the end result is an unreliable internet experience with browsers displaying errors before eventually loading pages, email clients failing to immediately download messages etc 53% of tested apps failed to process all DNS types, most importantly EDNS0, which allows larger UDP packet sizes (>512 bytes). This DNS type is becoming increasingly common, in particular as more queries are made using the cryptographic DNSSEC extension, to ensure DNS responses are valid and are not being changed by a MITM attack. For users of these VPN apps, these DNS queries may be slower than normal, or even not resolve successfully resulting in an “unknown host” message instead of the desired web page.

of tested apps failed to process all DNS types, most importantly EDNS0, which allows larger UDP packet sizes (>512 bytes). This DNS type is becoming increasingly common, in particular as more queries are made using the cryptographic DNSSEC extension, to ensure DNS responses are valid and are not being changed by a MITM attack. For users of these VPN apps, these DNS queries may be slower than normal, or even not resolve successfully resulting in an “unknown host” message instead of the desired web page. 52% of tested apps had various network performance issues: packet loss, high latency, low bandwidth, high packet buffering (54 of 103 apps). These issues cause particular problems with VOIP, video calling and gaming however they can also severely slow down the overall internet experience, especially in combination with each other.

Jump to Extended findings on network tests | Testing Methodology | VPN Risk Index

Encryption

We tested whether each app successfully created an encrypted VPN connection. We were pleased, if pleasantly surprised, to find that 100% of the connections created by the apps in the Risk Index were encrypted.

We tested encryption for each app by creating a VPN connection on an isolated network and using tcpdump to monitor traffic as we accessed a simple web page. We then analyzed the data we had captured for any unencrypted content from that page. We also re-tested a random sample in a later independent session in order to verify the results.

Read our full guide to VPN encryption and protocols.

Extended Findings: Leaks

We tested for three types of leak: DNS, WebRTC and IP address, all of which expose users’ true identity.

DNS leaks

38 apps suffered DNS leaks. This security flaw occurs when a VPN fails to force DNS requests through its encrypted tunnel to its own DNS servers and instead permits the DNS requests to be made directly to the default ISP DNS servers.

Even though the rest of a user’s traffic is concealed, such a leak exposes a user’s browsing history to their ISP and any third-party DNS server operator that it may use.

Not only does this defeat the purpose of using a VPN, such a leak would typically go undetected by a user unless they knew to test their connection.

WebRTC leaks

Only 4 apps suffered WebRTC leaks. WebRTC (or Web Real-Time Communication) is a browser-to-browser communication technology intended to deliver faster speeds for high-bandwidth applications like video chat.

The problem is that WebRTC communication not only requires a real IP address but can also bypass the VPN tunnel. It’s also possible for third-parties to exploit WebRTC functionality to request a user’s true IP address.

While less of a common problem than a DNS leak, these leaks also undermine VPN user privacy.

IP leaks

Only 2 apps suffered this fundamental leak, whereby a user’s true IP address is visible rather than being replaced by the IP address of the VPN. Given the standardized nature of our testing, the usual reasons for such leaks, such as the use of vulnerable older technologies like Flash, do not apply here.

These two VPNs (VPN super free and Super Fast Hot VPN) are essentially broken and not fit for purpose.

Back to Summary Findings

Extended Findings: Intrusive Permissions

We found the following inappropriate intrusive permissions were among those requested by the 150 apps in the index.

None of these permissions is necessary for the core functions of a VPN and each has the potential for privacy abuses. The table below indicates the number of apps featuring each permission.

While we also found additional excessive permissions, they were not considered intrusive and therefore not listed.

Aside from potentially malicious purposes, a proportion of these instances of intrusive permissions will arise from advertising practices. Ad platforms will require certain permissions to function while locations-based permissions enable geo-targeting of ads.

Others will have arisen from the use of third-party libraries for common functionality without due consideration given to the privacy implications of the permissions bundled therein.

Unfortunately for consumers, there is no way to determine whether a risky permission is there in order to spy on them, to better advertise to them or just as a result of poor development practices.

Note that permissions are set to “denied” upon app install and must be explicitly requested by the app and granted by the user.

Privacy Red Flags

Permission Definition Found in

(apps) WRITE EXTERNAL STORAGE Allows app to read, modify or delete the contents of external storage devices, such as SD cards 77 READ PHONE STATE Access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on. 54 ACCESS FINE LOCATION Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power. 38 ACCESS COARSE LOCATION Access approximate location sources such as cell towers and WiFi. Malicious applications can use this to determine your approximate location are and may consume additional battery power. 32 READ EXTERNAL STORAGE Allows app to read the contents of external storage devices, such as SD cards 24 BLUETOOTH Permits access to the configuration of Bluetooth on the device, and to make and accept connections with paired devices. Not at all relevant for VPN apps. 7 READ CONTACTS Allows app to read data about contacts stored on the device, including frequency of calls, messages, emails and other communications. It also allows apps to save contact data. Malicious apps may share contact data without a user’s knowledge. 3 CAMERA Take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time. 3 SEND SMS Allows the app to send SMS messages, which can result in unexpected charges. Malicious apps may cost a user money by sending messages without requiring additional confirmation. 2 RECORD AUDIO Allows app to record audio via the microphone. This permission allows the app to record audio at any time without additional user confirmation. 1 READ CALENDAR Allows an application to read the user’s calendar data. Malicious apps are able to access data on a user’s daily routine. 1 ACTIVITY RECOGNITION Allows an application to determine whether a user is moving or stationary. 1

It should be noted that in addition to the above active permissions we also discovered a number of deprecated permissions that are no longer supported by the Android operating system but were at one time considered high-risk.

Among these were the “get tasks” permission (found in 26 apps) that returned a list of tasks that the user had recently launched but was was deprecated due the potential to leak personal information. Similarly “read logs” (five apps) that’s no longer available to third-party apps due to privacy issues and “use credentials” permission in two apps that used to give apps access to user accounts such as their Google account.

While these permissions are no longer valid, it does raise the question of why there were included in the first place.

Back to Summary Findings

Extended Findings: Risky Functions

We detected the following risky Java commands and functions in the source code when scanning the 150 apps in the index using the VirusTotal tool.

On the face of it, none of these functions is necessary for a VPN to function and each has the potential for privacy abuses. The table indicates the number of apps featuring each permission.

While we also found additional functions flagged as risky, they were not considered to have potential privacy implications and therefore are not listed.

As with the intrusive permissions elsewhere in this report, the reason for their presence will vary by app.

Some will be legitimate – and where developers have been able to provide justification for their use, we have included this in the relevant app summary in the Index.

Many more will be to enable more effective – and targeted – advertising, something we believe is at odds with the concept of VPN.

What we don’t know is how many are being used for malicious purposes or, even more worryingly, could be exploited at some point in the future.

Privacy Red Flags

Functions Potential Definition Found in

(apps) LocationManager;->getLastKnownLocation Get last known location 87 java/lang/Runtime;->exec Execute system command 48 TelephonyManager;->getDeviceId Get info like IMEI, phone number or OS version 45 TelephonyManager;->getSimSerialNumber Get SIM serial number 9 TelephonyManager;->getLine1Number Get phone number 9 ActivityManager;->killBackgroundProcesses Kill process like AV 9 Camera;->open Open camera 6 PowerManager;->reboot Reboot cellphone 4 SmsManager;->sendTextMessage Send normal SMS 4 ContentResolver;->query Read database like contact or sms 1

Note: we only found one instance of the ContentResolver;->query (Read database like contact or SMS) function where there was also the corresponding permissions: Free Proxy Master. Due to the broadness of the function, all other instances were discounted.

Of particular concern are the two instances of apps that feature both the Camera;->open function and the corresponding permission: SkyVPN and Squid VPN.

Back to Summary Findings

Extended Findings: Network Tests

Network tests were conducted on 103 apps. Of the remaining 47 apps, 36 apps blocked testing traffic while 9 apps failed to create a functioning network to test. Results are grouped into major abnormalities and minor aberrations.

See full network test results for all apps as a PDF or as a Google Doc.

Major Abnormalities

14 apps using DNS servers listed on significant blacklists, which can prevent users accessing sites while connected to that VPN.

7 apps returned unexpected results when looking up important names, which according to the International Computer Science Institute at Berkeley, “could be caused by an error somewhere in the domain information, deliberate blocking or redirection of a site using DNS, or it could be that your ISP’s DNS Server is acting as a DNS ‘Man-in-the-Middle’.”

22 apps were using DNS servers that were slow to look up names, meaning page loads times would be noticeably slow and sometimes even fail to load.

2 apps used transparent proxies that were vulnerable to attack.

5 apps used in-network HTTP caches that incorrectly cached information, raising concerns about caching information when explicitly being told not to and thus may be serving out-of-date or private data. There is also a risk in such behavior of storing and serving up other users’ session data in the event of two users accessing the same website.

Minor Aberrations

64 apps had TCP blocked on at least one port. While this was typically temporary rather than permanent blocks, the consequence is a very glitchy and unreliable internet experience with browsers displaying errors before eventually loading pages, email clients failing to immediately download messages etc

30 apps had UDP blocked on at least one port. While web browsers don’t use this protocol, other apps may be glitchy, reporting intermittent connection errors.

54 apps had various network performance issues: packet loss, high latency, low bandwidth, high packet buffering These issues cause particular problems with VOIP, video calling and gaming however they can also severely slow down the overall internet experience, especially in combination with each other.

27 apps failed to process all DNS types, most importantly EDNS0, which allows larger UDP packet sizes (512 bytes). This DNS type is increasingly being used to ensure websites load as quickly as possible, a critical priority for web developers. For users of these VPN apps, these DNS queries may not resolve successfully resulting in an “unknown host” message instead of the desired web page.

5 apps employed content filters that blocked file types such mp3s, .exe and torrents, which would prevent users downloading such files even from legitimate sources.

32 apps employed at least one proxy (typically on 10 or more ports). The presence of proxies raises potential concerns of covert monitoring of activity by the VPN provider. At the very least, proxies intercept activity such as DNS queries, which may cause applications to stop working as expected.

4 apps displayed strange behavior where IP addresses were different for HTTP traffic vs non-HTTP traffic

We also found instances (such as VPN Express) where the VPN forced UDP requests to their own DNS server over port 53 without giving the option to override this. Given the lack of privacy policy protections, opens up the possibility of logging.

Read our full guide to IP, DNS, WebRTC, and IPv6 leaks.

Back to Summary Findings

VPN Risk Index Summary: Apps 1-10

Back to top of Risk Index

VPN Risk Index Summary: Apps 11-20

App

(Installs) Risky Permissions DNS Leaks Risky Functions Virus / Malware VPN Private

(10M) Not detected No leaks Detected No Betternet

(10M) Detected No leaks Not detected No Touch VPN

(10M) Detected No leaks Not detected No AnonyTun

(5M) Detected No leaks Detected No Super VPN

(5M) Detected No leaks Detected No EasyOvpn

(5M) Detected No leaks Detected No Secure VPN

(5M) Detected Leaks Not detected No Thunder VPN

(5M) Detected Leaks Detected No Yoga VPN

(5M) Detected Leaks Detected No X-VPN

(5M) Detected No leaks Detected No

Back to top of Risk Index

VPN Risk Index Summary: Apps 21-30

Back to top of Risk Index

VPN Risk Index Summary: Apps 31-40

Back to top of Risk Index

VPN Risk Index Summary: Apps 41-50

Back to top of Risk Index

VPN Risk Index Summary: Apps 51-60

Back to top of Risk Index

VPN Risk Index Summary: Apps 61-70

Back to top of Risk Index

VPN Risk Index Summary: Apps 71-80

Back to top of Risk Index

VPN Risk Index Summary: Apps 81-90

Back to top of Risk Index

VPN Risk Index Summary: Apps 91-100

Back to top of Risk Index

VPN Risk Index Summary: Apps 101-110

Back to top of Risk Index

VPN Risk Index Summary: Apps 111-120

Back to top of Risk Index

VPN Risk Index Summary: Apps 121-130

Back to top of Risk Index

VPN Risk Index Summary: Apps 131-140

Back to top of Risk Index

VPN Risk Index Summary: Apps 141-150

Back to top of Risk Index

Hotspot Shield Free VPN Proxy & Wi-Fi Security

Details

Developer: AnchorFree GmbH

APK file name: hotspotshield.android.vpn

Installs

50,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

LocationManager;->getLastKnownLocation | Get last known location

ActivityManager;->killBackgroundProcesses | Kill process like AV

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 3

3 Minor aberrations: 6

Full network test results.

VPN Provider Response

Hotspot Shield provided a very detailed response. Summary as follows:

READ_PHONE_STATE is used to ensure no upsell screens or app notifications interrupt a user while on a call. HSS states they store no information on user phone numbers nor serial numbers and provided evidence of transparency audits.

WRITE_EXTERNAL_STORAGE enables a disk clean-up feature bundles with the app.

ActivityManager;->killBackgroundProcesses enables a battery life improvement feature by killing background processes.

TelephonyManager;->getDeviceId is used to get the SIM country for geo targeting things like GDPR based on user country. HSS emphasised that they never store or log the user IP address.

LocationManager;->getLastKnownLocation is used for city-level targeting of features to different regions when inside the VPN tunnel. HSS state they only use this in real time and do not store user location or user IP addresses.

java/lang/Runtime;->exec is used by the Paypal Braintree 3rd party library, to allow users to purchase subscriptions using Paypal.

Our view is that Hotspot Shield Free takes appropriate steps to mitigate the risks associated with the permissions and functions identified above, especially as their claims are backed up by security and transparency audits. While we will never be comfortable with using location data to target ads to VPN users, their senior management’s detailed responses have satisfied us that sufficient protections are in place that user privacy is not at risk. Using any free VPN involves a trade-off and at least with Hotspot Shield Free, it is in all other respects one of the better free VPNs available.

Back to Risk Index

SuperVPN Free VPN Client

Details

Developer: SuperSoftTech

APK file name: com.jrzheng.supervpnfree

Installs

50,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

DNS leak

Dangerous Functions/Behaviors

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

LocationManager;->getLastKnownLocation | Get last known location

Virus Test Positives

None

Network Test Results

Major abnormalities: 1

1 Minor aberrations: 4

See full network test results.

Read our full SuperVPN review.

Back to Risk Index

Hi VPN – Super Fast VPN Proxy, Secure Hotspot VPN

Details

Developer: Hi Security

APK file name: com.ehawk.proxy.freevpn

Installs

10,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

WRITE_EXTERNAL_STORAGE

READ_PHONE_STATE

Leaks

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

Minor aberrations: 4

Full network test results.

Back to Risk Index

Hotspot Shield Basic – Free VPN Proxy & Privacy

Details

Developer: AnchorFree GmbH

APK file name: hssb.android.free.app

Installs

10,000,000 | 4.5 stars | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

None found

Virus Test Positives

None

Network Test Results

Major abnormalities: 3

Minor aberrations: 6

Full network test results.

VPN Provider Response

Hotspot Shield provided a very detailed response. Summary as follows:

READ_PHONE_STATE is used to ensure no upsell screens or app notifications interrupt a user while on a call. HSS states they store no information on user phone numbers nor serial numbers and provided evidence of transparency audits.

WRITE_EXTERNAL_STORAGE enables a disk clean-up feature bundles with the app.

Our view is that the explanations for these permissions appear legitimate, especially as their claims are backed up with security and transparency audits. See the response for Hotspot Shield Free for additional information.

Read our full Hotspot Shield Free review.

Back to Risk Index

Psiphon Pro – The Internet Freedom VPN

Details

Developer: Psiphon Inc.

APK file name: com.psiphon3.subscription

Installs

10,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

Minor aberrations: 3

Full network test results.

VPN Provider Response

Psiphon provided a swift and detailed response, as follows:

WRITE_EXTERNAL_STORAGE allows the built-in browser to download files.

java/lang/Runtime;->exec – org.zirco.utils.ProxySettings class is used to set the built in browser’s proxy settings.

LocationManager;->getLastKnownLocation & ACCESS_COARSE_LOCATION is used to get the WiFi SSID in order to facilitate reconnections.

Our view is that these are legitimate uses of the permissions and functions, particularly as Psiphon is open source (unusual for a VPN). However, we remain concerned that the use of location-based permissions/functions for reconnection is could be open to abuse and that there are safer ways to achieve the same outcome.

Read our full Psiphon Pro review

Back to Risk Index

Turbo VPN – Unlimited Free VPN & Fast Security VPN

Details

Developer: Innovative Connecting

APK file name: free.vpn.unblock.proxy.turbovpn

Installs

10,000,000+ | 4.7 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

java/net/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Blocks test traffic

VPN Provider Response

The developers provided a detailed response, summary as follows:

Note that the same developers are also responsible VPN Master, for which they provided a very similar response.

LocationManager. ->getLastKnownLocation

ContentResolver; ->delete

TelephonyManager;->getDeviceId

The devs acknowledged that the third-party advertising platforms they use do seek to obtain sensitive information “for personalized advertising purpose”. However the devs stated they did not request the necessary permissions in order to protect user privacy.

Beyond using the user’s country to provide the fastest server, however, the devs did not specify what the functions were actually used for.

Java/lang/Runtime; >exec | Execute system command

“Since we already have over 5,000 servers, in order to improve the user experience, we will ping if necessary, so as to select the most suitable server for different user.”

Our view is as follows: to quote the developers, “To help people to get a better Internet access in terms of privacy security, we offer free VPN services. Our products have a large number of users, which means we need a lot of servers to support, and we need advertisement to generate revenue so as to keep our business going.” This is the conflict at the heart of ad-supported free VPN apps in a nutshell. While the devs may well currently be acting in good faith, there is no guarantee for the user that future updates don’t include the necessary permissions to activate the functions listed. In the event of financial pressures for example, the lure of extra advertising dollars from 10 million users would be hard to resist.

Read our full Turbo VPN review.

Back to Risk Index

VPN Master – Free unblock Proxy VPN & security VPN

Details

Developer: Innovative Connecting

APK file name: free.vpn.unblock.proxy.vpnmaster

Installs

10,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

java/net/Runtime;-?exec | Execute system command

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

Virus Test Positives

None

Network Test Results

Blocks test traffic

VPN Provider Response

After initially giving us the brush-off, the developers provided a detailed response, summary as follows:

Note that the same developers are also responsible Turbo VPN, for which they provided a very similar response.

LocationManager. ->getLastKnownLocation

ContentResolver; ->delete

TelephonyManager;->getDeviceId

The devs acknowledged that these functions could be used to collect sensitive as well as non-sensitive information, stating that the “the [third-party] advertising platforms are trying to obtain those information [sic] for personalized advertising purpose”. However the devs stated they did not request the necessary permissions in order to protect user privacy.

Beyond using the user’s country to provide the fastest server, however, the devs did not specify what the functions were actually used for.

Java/lang/Runtime; >exec | Execute system command

“Since we already have over 1,000 servers, in order to improve the user experience, we will ping if necessary, so as to select the most suitable server for different user.”

Our view is that while the devs may well currently be acting in good faith, there is no guarantee for the user that future updates don’t include the necessary permissions to activate the functions listed. In the event of financial pressures for example, the lure of extra advertising dollars from 10 million users would be hard to resist.

Back to Risk Index

Snap VPN – Unlimited Free & Super Fast VPN Proxy

Details

Developer: Lemon Clove

APK file name: free.vpn.unblock.proxy.vpnpro

Installs

10,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

Leaks

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Blocks test traffic

Read our full Snap VPN review.

Back to Risk Index

Hola Free VPN Proxy

Details

Developer: Hola

APK file name: org.hola

Installs

10,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

ACCESS_FINE_LOCATION

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

DNS leak

WebRTC leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

Minor aberrations: 3

Full network test results.

VPN Provider Response

Hola provided a swift response that was rather lacking in detail. Summary as follows:

ACCESS_FINE_LOCATION & LocationManager;->getLastKnownLocation are used in Hola’s integrated Unblocker Browser. They claim this is necessary for “any standard browser”.

READ_PHONE_STATE & TelephonyManager;->getDeviceId are used to stop data transmission when a call is active.

WRITE_EXTERNAL_STORAGE – no explanation provided

Our view is that these are weak justifications for these combinations of intrusive permissions and risky functions. Not only is it possible for an integrated browser to function without access to GPS data but it’s also not core functionality for a VPN. Nor do we see the highly intrusive READ_PHONE_STATE permission on paid-for VPN apps that provider higher-level performance than Hola.

Read our full Hola review.

Back to Risk Index

SpeedVPN Free VPN Proxy

Details

Developer: GoSpeed Software

APK file name: us.gospeed.speedvpn

Installs

10,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

READ_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 1

Minor aberrations: 3

Full network test results.

Back to Risk Index

VPN Private

Details

Developer: VPN Private

APK file name: us.unbounded.vpn_private

Installs

10,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

ContactResolver;->query | Read databases like contacts or SMS

LocationManager;->getLastKnownLocation | Get last known location

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0 Minor aberrations: 2

VPN Response

VPN Private provided a swift and reasonably detailed response and were at pains to emphasize that they do not store identifiable information about users while connection metadata is stored for less than a day. Summary as follows:

ContentResolver;->query is used to get device ID to let a user get access to their servers.

LocationManager;->getLastKnownLocation & java/lang/Runtime;->exec are both used by OpenVPN and IPSec connected libraries, with the developer claiming not to personally interact with them on any level.

Our view is that while these methods may well be used in good faith, this does not mean that they are optimal from a privacy perspective. The more personal data that is sought and used by an app, the greater the risk and vulnerability created.

Full network test results.

Back to Risk Index

VPN Free – Betternet Hotspot VPN & Private Browser

Details

Developer: Betternet LLC

APK file name: com.freevpnintouch

Installs

10,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Major abnormalities: 2

2 Minor aberrations: 7

Full network test results.

VPN Provider Response

Betternet sent a canned response, as follows only to close the issue the next day.

“Thank you for contacting us about the possibility of working with us.

“Your message was passed on to the proper team for review. If there is interest, they will be in touch with you.

Thank you again and have a great day.”

Our view is that this is an incredibly disrespectful way to treat the issue of user privacy.

Read our full Betternet Free review.

Back to Risk Index

Touch VPN -Free Unlimited VPN Proxy & WiFi Privacy

Details

Developer: TouchVPN Inc.

APK file name: com.northghost.touchvpn

Installs

10,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

ACCESS_COARSE_LOCATION

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Major abnormalities: 1

1 Minor aberrations: 3

Full network test results.

Read our full Touch VPN review.

Back to Risk Index

AnonyTun

Details

Developer: Art Of Tunnel

APK file name: com.anonytun.android

Installs

5,000,000+ | 4.2 star rating | Google Play Listing

Intrusive Permissions

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

Minor aberrations: 3

Full network test results.

VPN Provider Response

The AnonyTun developers provided a brief response as follows:

WRITE_EXTERNAL_STORAGE allows users to save a configuration that they can export or share with fellow users.

“For the rest of the stuff , they may be coming from Google SDK, we have no need for users sms or location.”

Our view is that this shows – at best – a disturbing lack of knowledge of how their own app works that should give users pause for thought before entrusting them with their internet activity and all the personal data that entails.

Back to Risk Index

Super VPN – Best Free Proxy

Details

Developer: SuperVPN Inc

APK file name: com.chengcheng.FreeVPN

Installs

5,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 1

Full network test results.

Back to Risk Index

EasyOvpn – Plugin for OpenVPN

Details

Developer: Easy4U Ltd.

APK file name: com.easyovpn.easyovpn

Installs

5,000,000+ | 4.2 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

READ_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 6

Full network test results.

Back to Risk Index

Secure VPN – A high speed, ultra secure VPN

Details

Developer: Signal Lab

APK file name: com.fast.free.unblock.secure.vpn

Installs

5,000,000 | 4.2 star rating | Google Play Listing

Intrusive Permissions

BLUETOOTH

Leaks

DNS leak

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 3

Full network test results.

Back to Risk Index

Thunder VPN – A Fast, Unlimited, Free VPN Proxy

Details

Developer: Signal Lab

APK file name: com.fast.free.unblock.thunder.vpn

Installs

5,000,000 | 4.8 star rating | Google Play Listing

Intrusive Permissions

BLUETOOTH

Leaks

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

ActivityManager;->killBackgroundProcesses | Kill processes like AV

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 3

Full network test results.

Read our full Thunder VPN review.

Back to Risk Index

Yoga VPN – Free Unlimited & Secure Proxy & Unblock

Details

Developer: Sarah Hawken

APK file name: com.yogavpn

Installs

5,000,000+ | 4.7 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

READ_PHONE_STATE

Leaks

DNS leak

WebRTC leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Blocks test traffic

Read our full Yoga VPN review.

Back to Risk Index

X-VPN – Free Unlimited VPN Proxy

Details

Developer: Free Connected Limited

APK file name: com.security.xvpn.z35kb

Installs

5,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 5

Full network test results.

Back to Risk Index

VPN Provider Response

X-VPN developers provided a swift and detailed response, summary as follows:

WRITE_EXTERNAL_STORAGE – required in order to serve adverts on devices running certain versions of Android.

java/lang/Runtime;->exec allows them to see whether a device has been rooted, which helps with troubleshooting connection issues on such devices. The dev says they plan to remove this soon as they have found a better way of achieving this.

LocationManager;->getLastKnownLocation – The developer was unaware of the presence of this function in their code, so we shared our data with them for further investigation.

Our view is that while the developer response certainly shows a lack of malicious intent and that this app is relatively low risk, it’s illustrative of the price you pay for a free VPN app. Certain ad platforms require intrusive permissions for example. We are also concerned that this app may contain functions that the developer is unaware of and we will update as we learn more.

Read our full X-VPN Free review.

Back to Risk Index

TunnelBear VPN

Details

Developer:TunnelBear, LLC

APK file name: com.tunnelbear.android

Installs

5,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 5

Full network test results.

Back to Risk Index

FlashVPN Free VPN Proxy

Details

Developer: FlashSoftware

APK file name: net.flashsoft.flashvpn.activity

Installs

5,000,000+ | 4.4 star rating | Google Play Listing

Intrusive Permissions

ACCESS_FINE_LOCATION

READ_PHONE_STATE

ACCESS_COARSE_LOCATION

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 3

Full network test results.

Back to Risk Index

VPN Robot – Free Unlimited VPN Proxy &WiFi Security

Details

Developer: Lemon Clove

APK file name: free.vpn.unblock.proxy.freenetvpn

Installs

5,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

ACTIVITY_RECOGNITION

Leaks

DNS leak

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Blocks test traffic

Back to Risk Index

Unlimited Free VPN Monster – Fast Secure VPN Proxy

Details

Developer: Autumn Breeze 2018

APK file name: free.vpn.unblock.proxy.vpnmonster

Installs

5,000,000+ | 4.7 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Blocks test traffic

Back to Risk Index

TapVPN Free VPN

Details

Developer: Mobbo

APK file name: pm.tap.vpn

Installs

5,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

ACCESS_FINE_LOCATION

ACCESS_COARSE_LOCATION

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 2

Back to Risk Index

Ultrasurf (beta) – Unlimited Free VPN Proxy

Details

Developer: Ultrareach

APK file name: us.ultrasurf.mobile.ultrasurf

Installs

5,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

Virus Test Positives

Ad-Aware: Android.Riskware.FakeApk.gUKNG

Android.Riskware.FakeApk.gUKNG Arcabit: Android.Riskware.FakeApk.gUKNG

Android.Riskware.FakeApk.gUKNG BitDefender: Android.Riskware.FakeApk.gUKNG

Android.Riskware.FakeApk.gUKNG Cyren: AndroidOS/GenBl.A36902B7!Olympus

AndroidOS/GenBl.A36902B7!Olympus Emsisoft: Android.Riskware.FakeApk.gUKNG

Android.Riskware.FakeApk.gUKNG F-Secure: Android.Riskware.FakeApk

Android.Riskware.FakeApk GData: Android.Riskware.FakeApk.gUKNG

Android.Riskware.FakeApk.gUKNG K7GW: Trojan ( 0001140e1 )

Trojan ( 0001140e1 ) eScan: Android.Riskware.FakeApk.gUKNG

Network Test Results

Major abnormalities: 1

1 Minor aberrations: 8

VPN Provider Response

Ultrasurf responded quickly but denied that the tests were accurate:

“We don’t use LocationManager and ContentResolver. We don’t know why there are false positives etierh [sic]. The app is extremely simple, it just sets up [a] VPN service and tunnel[s] the network traffic in an encrypted tunnel.”

Our view is that this is clearly an app to avoid given the many issues uncovered in our tests.

Back to Risk Index

Free VPN Unlimited Proxy – Proxy Master

Details

Developer: Hotspot VPN( Proxy & Security )

APK file name: com.freevpn.unblock.proxy

Installs

5,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

PowerManager;->reboot | Reboot phone

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

TelephonyManager;->getLine1Number | Get phone number

TelephonyManager;->getSimSerialNumber | Get SIM serial number

SmsManager;->sendTextMessage | Send normal SMS

ActivityManager;->killBackgroundProcesses | Kill processes like AV

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

ESET-NOD32: a variant of Android/DataCollector.Utilcode.A, potentially unsafe

Network Test Results

Blocks test traffic

Back to Risk Index

Zero VPN

Details

Developer: TNTAPP

APK file name: net.tntapp.app.zerovpn

Installs

1,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

Jiangmin: DoS.Linux.wp

Network Test Results

Blocks test traffic

Back to Risk Index

HOT VPN – Free?Unblock?Proxy

Details

Developer: Autumn Breeze 2018

APK file name: co.acnet.hotvpn

Installs

1,000,000+ total installs | 4.6 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Behaviors/Functions

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

ContentResolver;->delete | Delete contact or sms

Virus Test Positives

None

Network Test Results

Blocks test traffic

Back to Risk Index

Hammer VPN

Details

Developer: TunnelGuru

APK file name: com.in.hammervpn

Installs

1,000,000+ total installs | 4.6 star rating | Google Play Listing

Intrusive Permissions

ACCESS_FINE_LOCATION

READ_EXTERNAL_STORAGE

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

java/lang/Runtime;->exec | Execute system command

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

TelephonyManager;->getSimSerialNumber | Get SIM serial number

Virus Test Positives

Babable: PUP.HighConfidence

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 2

Full network test results.

Back to Risk Index

Troid VPN Free VPN Proxy

Details

Developer: TunnelGuru

APK file name: com.in.troidvpn

Installs

1,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

READ_EXTERNAL_STORAGE

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

java/lang/Runtime;->exec | Execute system command

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

TelephonyManager;->getSimSerialNumber | Get SIM serial number

Virus Test Positives

Babable: PUP.HighConfidence

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 2

Full network test results.

Back to Risk Index

VPN 360 – Unlimited Free VPN Proxy

Details

Developer: TouchVPN Inc.

APK file name: co.infinitysoft.vpn360

Installs

1,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Blocks test traffic

Read our full VPN 360 review.

Back to Risk Index

Free Unlimited VPN Proxy: VPNhub – Safely Hide IP

Details

Developer: AppAtomic Limited

APK file name: com.appatomic.vpnhub

Installs

1,000,000+ | 4.4 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 3

Full network test results.

VPN Provider Response

The VPNHub developers provided the following response:

“We couldn’t find any reference to location services in vpnhub. Neither in the code, nor in the manifest file via permissions.”

Our view is that the developer has provided their response in good faith, however scans of the latest version of the app (1.4.1) reveal that the app still does contain the risky functions. It’s important to note that there are no permissions currently included in the app that would permit any intrusions of privacy via these functions. However, as we have stated with all apps with similar findings, there is no guarantee that this won’t change with future updates to the app and that it’s better to remove them entirely.

Read our full VPNHub review.

Back to Risk Index

VPN super free proxy master unblock sites

Details

Developer: SHSApps

APK file name: com.baaghidevelopers.proxy.vpn

Installs

1,000,000+ | 4.2 star rating | App deleted from Play Store and reuploaded here

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

WRITE_EXTERNAL_STORAGE

Leaks

IP leak

WebRTC leak

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 1

Full network test results.

Back to Risk Index

Browsec VPN – Free and Unlimited VPN

Details

Developer: Browsec LLC

APK file name: com.browsec.vpn

Installs

1,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

READ_CONTACTS

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Major abnormalities: 1

1 Minor aberrations: 1

Full network test results.

Back to Risk Index

Free & Premium VPN – FinchVPN

Details

Developer: Finch Technology Enterprises

APK file name: com.finchvpn.android

Installs

1,000,000+ | 4.2 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

None found

Virus Test Positives

None

Network Test Results

Major abnormalities: 3

3 Minor aberrations: 6

Full network test results.

Back to Risk Index

Speedify – Bonding VPN

Details

Developer: Connectify Inc.

APK file name: com.speedify.speedifyandroid

Installs

1,000,000+ | 4.0 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

READ_PHONE_STATE

Leaks

None

Dangerous Functions/Behaviors

java/lang/Runtime;->exec | Execute system command

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

TelephonyManager;->getLine1Number | Get phone number

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 8

VPN Provider Response

Speedify responded very quickly and in detail. Summary as follows:

WRITE_SETTINGS – used in Android 6.0.0 to deal with a very specific network state bug in that version only that caused battery drain.

READ_PHONE_STATE – gets cellular network name to show in the user interface. It may also be used to create a unique, one-way hash for the user to allow them to use the app without logging in. Optional permission, app works fine without it.

ACCESS_COARSE_LOCATION – gets city-level location to connect to closest server. They have servers in 70+ locations and they state performance is much better when using closest server. Optional permission at runtime. App works fine without it but may not connect to most optimal server.

java/lang/Runtime;->exec is used to gather the crash reports from the user’s system (via ‘logcat -b crash’) when they select Help > Generate Log File.

TelephonyManager;->getDeviceId – creates a unique one-way hash for the user that allows them to anonymously get the 5GB per month from Speedify. “We need to find some kind of unique ID that the user has granted us permission to view. So we try to pull fields from the TelephonyManager (which is only accessible if they granted the optional READ_PHONE_STATE permission) and ANDROID_ID (via ContentResolver) to find something we can hash. This is to allow users to freely and anonymously use the app without having to register.”

TelephonyManager;->getLine1Number – “We don’t want the phone number; thanks for that find! We just found that and pulled it. Trying to get a new release out tonight with that fix.”

Our view is that these are legitimate and privacy-friendly uses of these permissions and functions. While we don’t support use of location tracking even for server selection optimisation, the fact that this is an optional permission at runtime mitigates the issue. We were impressed at this provider’s willingness to engage with our findings and quickly remove any unnecessary risky functions.

Full network test results.

Back to Risk Index

Hotspot VPN – Super Free VPN Unlimited Proxy

Details

Developer: Hotspot VPN( Proxy & Security )

APK file name: com.supervpn.freevpn

Installs

1,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

ACCESS_FINE_LOCATION

CAMERA

ACCESS_COARSE_LOCATION

BLUETOOTH

WRITE_EXTERNAL_STORAGE

RECORD_AUDIO

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

PowerManager;->reboot | Reboot phone

TelephonyManager;->getLine1Number | Get phone number

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

TelephonyManager;->getSimSerialNumber | Get SIM serial number

SmsManager;->sendTextMessage | Send normal SMS

ActivityManager;->killBackgroundProcesses | Kill processes like AV

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Blocks test traffic

Back to Risk Index

Solo VPN – One Tap Free Proxy

Details

Developer: SoloVPN & NCleaner – Notification Cleaner Productivity

APK file name: co.solovpn

Installs

1,000,000+ | 4.4 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 5

Full network test results.

Back to Risk Index

VPN Proxy by Hexatech – Secure VPN & Unlimited VPN

Details

Developer: Betternet LLC

APK file name: tech.hexa

Installs

1,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Major abnormalities: 2

2 Minor aberrations: 8

Full network test results.

Back to Risk Index

SkyVPN – Best Free VPN Proxy for Secure WiFi Hotspot

Details

Developer: Sentry SkyVPN Security Team

APK file name: me.skyvpn.app

Installs

1,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESSS_FINE_LOCATION

CAMERA

READ_CALENDAR

READ_PHONE_STATE

WRITE_CALENDAR

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

Camera;->open | Open camera

java/lang/Runtime;->exec | Execute system command

TelephonyManager;->getLine1Number | Get phone number

TelephonyManager;->getSimSerialNumber | Get SIM serial number

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 2

Full network test results.

Read our full Sky VPN review.

Back to Risk Index

LinkVPN Free VPN Proxy

Details

Developer: FuryWeb Tech

APK file name: org.furyweb.linkvpn

Installs

1,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

READ_PHONE_STATE

READ_EXTERNAL_STORAGE

WRITE_EXTERNAL_STORAGE

Leaks

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 1

Full network test results.

Back to Risk Index

VPN Unblocker Free unlimited Best Anonymous Secure

Details

Developer: Royal Partner Company

APK file name: com.unlockme.vpn

Installs

1,000,000+ | 4.2 star rating | Google Play Listing

Intrusive Permissions

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 1

Full network test results.

Back to Risk Index

FREE VPN – Unseen Online

Details

Developer: FREE VPN – Unseen Online

APK file name: com.unseenonline

Installs

1,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

DNS leak

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 1

Full network test results.

Back to Risk Index

GeckoVPN Free Fast Unlimited Proxy VPN

Details

Developer: Best Free VPN Proxy

APK File name: org.geckonet.gecko

Installs

1,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

READ_EXTERNAL_STORAGE

Leaks

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

None

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 4

Full network test results.

Back to Risk Index

Easy VPN – Free VPN proxy master, super VPN shield

Details

Developer: Hotspot VPN( Proxy & Security )

APK file name: easyvpn.free.vpn.unblock.proxy

Installs

1,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

READ_EXTERNAL_STORAGE

Leaks

DNS leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

TelephonyManager;->getLine1Number | Get phone number

TelephonyManager;->getSimSerialNumber | Get SIM serial number

SmsManager;->sendTextMessage | Send normal sms

ActivityManager;->killBackgroundProcesses | Kill process like AV

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

ESET-NOD32: a variant of Android/DataCollector.Utilcode.A

a variant of Android/DataCollector.Utilcode.A Symantec Mobile Insight: AdLibrary:Generisk

AdLibrary:Generisk Ikarus: PUA.AndroidOS.DataCollector

Network Test Results

Blocks test traffic

Back to Risk Index

VPN Easy – best free proxy

Details

Developer: ZPN

APK file name: free.vpn.proxy.unblock.android.easy.app

Installs

1,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

READ_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions\Behaviors

Camera;->open | Open camera

Virus Test Positives

Fortinet: Adware/AdColony!Android

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 1

Full network test results.

Back to Risk Index

Secure VPN – Free VPN Proxy, Best & Fast Shield

Details

Developer: Hotspot VPN( Proxy & Security )

APK file name: free.vpn.unblock.proxy.securevpn

Installs

1,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

READ_EXTERNAL_STORAGE

Leaks

DNS leak

Dangerous Functions/Behaviors

None

Virus Test Positives

ESET-NOD32: a variant of Android/DataCollector.Utilcode.A

a variant of Android/DataCollector.Utilcode.A Ikarus: PUA.AndroidOS.DataCollector

PUA.AndroidOS.DataCollector Symantec Mobile Insight: AdLibrary:Generisk

AdLibrary:Generisk Cyren: AndroidOS/GenPua.0D3DE005!Olympus

Network Test Results

Blocks test traffic

Back to Risk Index

Free VPN Proxy – ZPN

Details

Developer: ZPN

APK file name: im.zpn

Installs

1,000,000+ | 4.3 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

None

Virus Test Positives

None

Network Test Results

Blocks test traffic

Read our full ZPN review.

Back to Risk Index

VPN Unblock Bokep Sites

Details

Developer: Vpn Internet

APK file name: vpn.bokep.buka.blokir.internet.positif

Installs

1,000,000+ | 4.1 star rating | App since removed from Play Store

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

Camera;->open | Open camera

LocationManager;->getLastKnownLocation | Get last known location

Virus Test Positives

None

Network Test Results

Major abnormalities: 1

1 Minor aberrations: 7

Full network test results.

Back to Risk Index

VPN Over DNS Tunnel : SlowDNS

Details

Developer: TunnelGuru

APK file name: com.in.troiddns

Installs

1,000,000+ | 4.6 star rating | Google Play Listing

Intrusive Permissions

ACCESS_FINE_LOCATION

READ_EXTERNAL_STORAGE

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

TelephonyManager;->getSimSerialNumber | Get SIM serial number

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

Babable: PUP.HighConfidence

Network Test Results

Major abnormalities: 1

1 Minor aberrations: 9

See full network test results.

Back to Risk Index

Best VPN Proxy OvpnSpider

Details

Developer: WCOMES TECHNOLOGIES CO.,LIMITED

APK file name: com.ovpnspider

Installs

1,000,000+ | 4.1 star rating | Google Play Listing

Intrusive Permissions

ACCESS_FINE_LOCATION

ACCESS_COARSE_LOCATION

WRITE_EXTERNAL_STORAGE

Leaks

DNS Leak

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

TelephonyManager;->getSimSerialNumber | Get SIM serial number

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

Cyren: AndroidOS/GenPUA.FC71B244!Olympus

AndroidOS/GenPUA.FC71B244!Olympus ESET-NOD32: a variant of Android/Packed.TencentProtect.B potentially unsafe

a variant of Android/Packed.TencentProtect.B potentially unsafe Ikarus: Adware.AndroidOS.TencentProtect

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 4

See full network test results.

Back to Risk Index

VPN Unlimited Proxy AppVPN

Details

Developer: WCOMES TECHNOLOGIES CO.,LIMITED

APK file name: appvpn.vpn

Installs

1,000,000+ | 4.1 star rating | Google Play Listing

Intrusive Permissions

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

Cyren: AndroidOS/GenPUA.FC71B244!Olympus

AndroidOS/GenPUA.FC71B244!Olympus ESET-NOD32: a variant of Android/Packed.TencentProtectB

a variant of Android/Packed.TencentProtectB Ikarus: Adware.AndroidOS.TencentProtect

Adware.AndroidOS.TencentProtect Qihoo-360: Trojan.Android.Gen

Trojan.Android.Gen TrendMicro-HouseCall: Suspicious_GEN.F47V0830

Network Test Results

Major abnormalities: 0

0 Minor aberrations: 2

See full network test results.

Back to Risk Index

WhatsVPN – Unlimited Free VPN

Details

Developer: Unlimited DT Security Studio

APK file name: com.infvpn.turbo.free.proxy.whatsvpn

Installs

1,000,000+ | 4.7 star rating | Google Play Listing

Intrusive Permissions

ACCESS_COARSE_LOCATION

ACCESS_FINE_LOCATION

READ_PHONE_STATE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

Virus Test Positives

None

Network Test Results

Blocks test traffic

Back to Risk Index

VPN Proxy Master – free unblock VPN & security VPN

Details

Developer: Innovative Connecting

APK file name: free.vpn.unblock.proxy.vpn.master.pro

Installs

1,000,000+ | 4.7 star rating | Google Play Listing

Intrusive Permissions

None

Leaks

No leaks

Dangerous Functions/Behaviors

LocationManager;->getLastKnownLocation | Get last known location

TelephonyManager;->getDeviceId | Get info like IMEI, phone number or OS version

java/lang/Runtime;->exec | Execute system command

Virus Test Positives

Babable: PUP.HighConfidence

Network Test Results

Blocks test traffic

Read our full VPN Proxy Master review.

Back to Risk Index

Amaze VPN (Free VPN Proxy)

Details

Developer: FreeVPN

APK file name: free.unblock.vpnpro

Installs

1,000,000+ | 4.5 star rating | Google Play Listing

Intrusive Permissions

READ_PHONE_STATE

READ_EXTERNAL_STORAGE

WRITE_EXTERNAL_STORAGE

Leaks

No leaks

Dangerous Functions/Behaviors

None found

Virus Test Positives

Trustlook: Android.Malware.General (score:9)

Network Test Results