Android users looking for free VPN apps on the Google Play Store may want to think twice after research from Top10VPN revealed that one in five of the top 150 free VPN apps could be a potential source of malware, while a quarter of the apps contain privacy-compromising bugs such as DNS leaks.

The company's Head of Research, Simon Migliano, made the discovery and found that these Android VPN apps have already been installed 260 million times, according to Google.

Top10VPN has organized and published its findings in the form of a risk index with the aim of helping Android users understand the privacy risks they are exposing themselves to when installing a free VPN.

Of the top 150 free VPNs, 27 apps were flagged as a potential source of malware after being tested using the utility VirusTotal.

DNS leak

Additionally, 25% of the top 150 free VPNs on the Google Play Store were affected by a DNS leak security issue, which Migliano explained further in a blog post, saying: “This security flaw occurs when a VPN fails to force DNS requests through its encrypted tunnel to its own DNS servers and instead permits the DNS requests to be made directly to the default ISP DNS servers.



“Even though the rest of a user’s traffic is concealed, such a leak exposes a user’s browsing history to their ISP and any third-party DNS server operator that it may use.”
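A leak of this kind can be spotted in a packet capture taken while the VPN is connected. The Python sketch below is an added example, not code from Top10VPN or the original article: it flags DNS queries that leave outside the tunnel or go to a resolver other than the VPN's own, and decodes the queried names to show what the resolver operator would see. The interface name `tun0`, the resolver address `10.8.0.1` and the sample capture are constructed assumptions.

```python
import struct

TUNNEL_IFACE = "tun0"          # assumed name of the VPN tunnel interface
VPN_RESOLVERS = {"10.8.0.1"}   # assumed DNS server operated by the VPN


def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (only used to construct sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def query_name(payload):
    """Decode the queried hostname from the question section of a DNS query."""
    labels, pos = [], 12       # the question follows the 12-byte DNS header
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question section")
        length = payload[pos]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0 or pos + 1 + length > len(payload):
            raise ValueError("malformed label")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length


def find_dns_leaks(packets):
    """Return (hostname, interface, resolver) for each query that bypassed the VPN."""
    leaks = []
    for iface, dst_ip, dst_port, payload in packets:
        # A query is safe only if it uses the tunnel AND targets the VPN's resolver.
        if dst_port == 53 and (iface != TUNNEL_IFACE or dst_ip not in VPN_RESOLVERS):
            leaks.append((query_name(payload), iface, dst_ip))
    return leaks


# Constructed sample capture: (egress interface, destination IP, port, UDP payload)
SAMPLE_CAPTURE = [
    ("tun0", "10.8.0.1", 53, build_query("example.org")),
    ("wlan0", "192.0.2.53", 53, build_query("bank.example.com")),
    ("tun0", "198.51.100.7", 443, b"\x16\x03\x01"),
    ("wlan0", "192.0.2.53", 53, build_query("clinic.example.net")),
]

if __name__ == "__main__":
    for name, iface, resolver in find_dns_leaks(SAMPLE_CAPTURE):
        print(f"LEAK: {name} sent via {iface} to {resolver}")
```

The check covers plain DNS on port 53 only; encrypted DNS such as DNS over TLS or HTTPS would need a separate rule.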

Top10VPN also discovered that some free VPNs were asking users for highly intrusive permissions, with 25% of apps asking to access a user's location, 38% trying to access device status information and 57% including code to retrieve a user's last known location.

While a free VPN may sound enticing at first, there will always be some kind of tradeoff, and we highly recommend researching any VPN extensively before installing it on your devices.

Via Bleeping Computer