- Apple and Google failing to provide proper oversight of VPN apps and putting consumers’ privacy at risk by allowing poor quality apps from secretive companies onto their app marketplaces
- Unsuspecting users are routing their entire mobile internet traffic through servers operated by companies, most of which have minimal online presence and whose privacy policies offer no protections against misuse of that data
- In the past twelve months, China has aggressively clamped down on – and even jailed – non-sanctioned VPN operators and yet companies identified in report continue to operate
Half of the most popular free VPN (Virtual Private Network) apps for mobile devices are being run by secretive companies with Chinese ownership, according to an in-depth investigation by VPN review service Top10VPN.com.
These VPN apps have been downloaded tens of millions of times on the two biggest app marketplaces – Apple’s App Store and Google Play. Yet there is little-to-no information for users about these companies and what they are doing with the huge volume of sensitive traffic that passes through their servers every day.
Even more worryingly, the majority (59%) of the most popular VPN apps are either Chinese-backed or based in China, which is known for monitoring and censoring web traffic, and has been cracking down aggressively – and even jailing – local VPN operators over the last twelve months.
Several of these VPN apps actually explicitly state in their privacy policies that they may share data with China.
Over the course of the investigation, it was often very challenging to verify who was actually behind these VPN apps, due to the great lengths companies have gone to in order to hide their ultimate ownership, claims Top10VPN.com. Few of these companies have a website while those that do avoided revealing any information about themselves.
The investigation, which aimed to shine a light on these companies, raises concerns that millions of users around the globe are allowing unknown – and potentially hostile – entities to access their web traffic. VPNs typically require users to accept privacy policies assuring them that the provider won’t monitor or log their web traffic.
However Top10VPN.com found that 86% of free VPN apps hosted on the App Store and Google Play had substandard privacy policies that were vague at best about how they use data.
While the sheer popularity of these apps might be enough to convince most users that they are above board, there were many red flags on closer inspection. More than half of privacy policies (55%) were hosted in an amateur fashion – such as on free WordPress sites with ads or plain text files on anonymous web pages – compounding concerns about the legitimacy of these companies.
Six in 10 (64%) of these VPN providers didn’t have any sort of dedicated web presence and almost half (52%) of customer support emails were personal accounts, such as Gmail or Yahoo addresses. Over eight in 10 (83%) of app customer support requests for assistance were ignored.
Says Simon Migliano, head of research at Top10VPN.com:
“When someone opts to install a VPN on their laptop or mobile, they are essentially choosing to put their trust in the hands of that company instead of their ISP or mobile company. What consumers tend to forget is that in order for VPNs to protect their online privacy, all their internet traffic must pass through their VPN provider’s servers and can be potentially logged and shared with third parties.
“Leading VPN providers have detailed privacy policies that preclude them from monitoring this traffic. Yet many of the most popular free VPN apps for smartphones have nothing of the sort in their policies – meaning that there’s a really disconcerting ambiguity about what is happening to this data.
“A lot of the blame has to land at the feet of Google and Apple who are allowing opaque and unprofessional companies to host apps in their stores…In the eyes of the consumer, every app on the official app stores is effectively endorsed by Apple or Google as legitimate and safe to use. We were genuinely shocked that listings for these apps contained false information and links to such substandard resources that it’s clear there can be but minimal oversight of these apps.
“This is a dereliction of duty from Apple and Google, whose lax controls are potentially leaving their customers open to wholesale data harvesting.”