All Android users now have the opportunity to confirm the legitimacy of their Mullvad VPN app prior to installation. In a significant move towards enhancing user security, Mullvad has introduced reproducible builds for its Android VPN application, starting with version 2025.2.
In essence, a reproducible build ensures that, given the same source code, build environment, and instructions, any party can recreate identical copies of the application. This means that the app code available for download should correspond precisely with the source code published by Mullvad’s developers, providing users with a strong assurance that no unauthorized modifications have taken place during the build process.
The decision to implement reproducible builds comes in response to a troubling trend observed in 2024, where malicious free VPN applications proliferated. Cybercriminals exploited the growing demand for VPN tools, distributing malware through counterfeit software designed to mimic legitimate services. This trend has persisted into 2025, with Google issuing warnings about attackers utilizing authentic VPN applications as backdoors to inject malware and gain remote access to compromised devices.
Mullvad emphasizes the importance of transparency in security software, stating, “Investing in reproducible builds is a testament to our commitment to providing you with a trustworthy and secure application.” This sentiment was echoed in a recent tweet from the company, highlighting the significance of the new feature.
Starting with version 2025.2, our Android app builds are reproducible. This means you can verify that the app you download and install is built from the open source code we publish. Read more here: https://t.co/GV1ZH8NO5OMay 9, 2025
At this point, only the latest version of Mullvad’s Android VPN app features reproducible builds, and it remains uncertain when or if this capability will be extended to other platforms. A Mullvad developer, speaking to TechRadar, expressed enthusiasm for the idea but noted that it has not yet been prioritized for evaluation on additional platforms. “There is no reason we would not want to do it, just that it has not been prioritized/evaluated for the other platforms,” the developer remarked.
The company is actively encouraging technically adept users to verify the Mullvad builds. This initiative not only aims to enhance transparency for users but also allows Mullvad to ensure that its own build environment remains uncompromised. While the verification process may require some IT skills, Mullvad has provided a comprehensive set of instructions to assist users in this endeavor. “To help ensure we are able to produce reproducible builds over time, we have added initial such checks to our continuous integration (CI) environment,” the company stated.
