Android VPN Archives

AppWizard

September 18, 2025

The Tor Project quietly launches a beta Android VPN – and looks for testers

The Tor Project has launched a VPN app for Android users, currently in beta, aimed at enhancing online privacy and circumventing censorship. The app is available on the Google Play Store and operates under an open-source model. It routes user traffic through the Tor network to conceal real IP addresses and features split tunneling, allowing users to select specific applications for Tor traffic. The app is built on advanced infrastructure using Arti, the Tor Project's next-generation implementation, and includes built-in bridges to disguise Tor traffic. Users are cautioned against using the beta version if they face severe surveillance threats, as it is primarily a testing platform.

AppWizard

September 4, 2025

Popular Android VPN apps found to have security flaws and China links

A report by researchers at the University of Toronto’s Citizen Lab and Arizona State University reveals significant vulnerabilities in several Android VPN applications on the Google Play Store, indicating that many are owned by a Chinese company and mislead consumers about their ownership. The study analyzed the 100 most-downloaded VPNs not based in the U.S. and identified three families of providers with shared technical infrastructures and security flaws. Family A includes eight VPNs linked to providers like Innovative Connecting, which have a hard-coded key for Shadowsocks, allowing eavesdroppers to decrypt communications. Family B consists of six providers, including Global VPN, also using hard-coded passwords for Shadowsocks, raising concerns about anonymity. Family C includes providers like Fast Potato VPN, vulnerable to traffic manipulation attacks. The researchers suggest that the obscured ownership of these VPNs may be a strategy to mitigate reputational risks. They also highlight the responsibility of platforms like Google to vet the security of applications, noting that hosting insecure apps could damage Google's reputation. Users are advised to conduct thorough research and choose reputable VPN services.

AppWizard

September 3, 2025

Over 20 Popular Android VPN Apps Share The Same Security Flaws – See If You’re Affected

A study has found that three families of VPN clients on Google Play share identical infrastructures and codebases, despite appearing as separate apps. Over 20 of the most downloaded VPNs are interconnected, misleading consumers and compromising security due to shared vulnerabilities that can expose user traffic to hackers. Some of these applications are linked to entities in Russia and China, raising concerns about data privacy. A list of affected VPN apps includes Turbo VPN, VPN Monster, Snap VPN, and others. Users are advised to be cautious and consider alternative VPN options.

AppWizard

September 2, 2025

Citizen Lab Exposes Hidden Ties in 20 Android VPN Apps with 700M Downloads

Researchers from Citizen Lab discovered that over 20 popular Android VPN applications, collectively downloaded 700 million times, are interconnected through undisclosed ownership ties. These applications, marketed as independent privacy solutions, share codebases, servers, and encryption vulnerabilities. The VPN providers are categorized into three families linked to a Russian entity, a Chinese company, and another with ambiguous origins. Apps like Turbo VPN, X-VPN, and UFO VPN share cryptographic keys and backdoors, increasing the risk of man-in-the-middle attacks. Many applications use outdated encryption methods, making it easy for attackers to decrypt user traffic. Some apps route user data through servers in jurisdictions with lax privacy regulations, exposing sensitive information. The investigation revealed identical backend infrastructures among different apps, despite claims of no-log policies, breaching user trust. Hidden trackers within the apps contradict their privacy assurances. Regulators are beginning to respond, with Google removing problematic apps and the EU considering stricter data access regulations. Experts recommend choosing vetted, paid VPN services that undergo independent audits to ensure better security.

AppWizard

August 24, 2025

Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day

A study by Arizona State University and Citizen Lab found that three families of Android VPN apps, with over 700 million downloads, have significant security vulnerabilities. Apple has released a fix for a zero-day vulnerability (CVE-2025-43300) that was being exploited in targeted attacks. Researchers from the University of Melbourne and Imperial College London developed a method using lightweight large language models to improve incident response planning. The FBI and Cisco warned about a Russian threat group exploiting an old Cisco vulnerability (CVE-2018-0171) to compromise critical infrastructure. Fog Security researchers discovered a flaw in AWS’s Trusted Advisor tool that could mislead users about the security of their data. AI is now being used in security operations centers to reduce alert noise and assist analysts. U.S. federal prosecutors charged an individual linked to the Rapper Bot DDoS botnet. Nikoloz Kokhreidze discussed the strategic choice between hiring a fractional or full-time Chief Information Security Officer for B2B companies. Commvault patched four vulnerabilities that risked remote code execution. Jacob Ideskog highlighted security risks posed by AI agents. VX Underground released an exploit for two SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999). Healthcare organizations are preparing for new password security risks in 2025 that may threaten HIPAA compliance. Researchers identified a spear-phishing campaign using the Noodlophile infostealer. Financial institutions are increasingly using open-source intelligence tools to combat money laundering. Greg Bak discussed security risks for DevOps teams in the cloud. NIST released guidelines for detecting morph attacks. Organizations face six challenges in implementing machine learning and AI security. Recep Ozdag discussed vulnerabilities in airport and airline systems. Google introduced new AI and cloud security capabilities at the Cloud Security Summit 2025. Cybersecurity myths continue to complicate the security landscape. LudusHound is an open-source tool that replicates an Active Directory environment for testing. Buttercup is an AI-powered platform for automated vulnerability management in open-source software. The book "Data Engineering for Cybersecurity" addresses challenges in managing logs and telemetry data. A selection of current cybersecurity job openings has been compiled. A forthcoming webinar will discuss AI and SaaS security risks. The iStorage datAshur PRO+C is a USB-C flash drive with AES-XTS 256-bit hardware encryption. New infosec products were released by companies such as Doppel, Druva, LastPass, and StackHawk.

AppWizard

August 22, 2025

Android VPN Apps Linked to Chinese Co (Qihoo 360) Tied to PRC

Recent investigations by Arizona State University and Citizen Lab have revealed that several popular Android VPN applications are linked to entities in mainland China and Hong Kong, raising security concerns. These apps, which have millions of downloads, share ownership and infrastructure, and exhibit significant security flaws, including the collection of location data against privacy policies, outdated encryption methods, and hard-coded passwords that could compromise user traffic. One company manages all VPN servers for a second group of apps, while a third group is vulnerable to connection interference attacks. Notably, these VPN providers are connected to Qihoo 360, a Chinese company flagged as a potential national security threat, with ties to the Chinese military. The Tech Transparency Project reported that millions of Americans have downloaded apps that route internet traffic through Chinese companies, with one in five of the top 100 free VPNs in the U.S. App Store in 2024 being covertly owned by Chinese firms. Some VPNs have targeted younger audiences through social media ads, raising concerns about their marketing strategies. Qihoo 360 has been sanctioned and is on the Commerce Department’s Entity List, emphasizing the national security risks associated with these services. Users are advised to research their VPN providers to avoid affiliations with the Chinese Communist government.

AppWizard

August 21, 2025

“Scammers scamming other scammers” – This free Android VPN was caught using Windscribe-stolen servers

A free Android VPN app called JetVPN, which has over one million downloads, was found to be using servers owned by Windscribe. Windscribe, a reputable VPN provider, discovered this in late July and subsequently blocked JetVPN's access. JetVPN then switched to using servers from Private Internet Access (PIA) after the block. Windscribe stated that JetVPN was abusing Windscribe accounts by sharing them through its app. PIA confirmed that it closed accounts that were exploited by a third party. JetVPN claimed it never intentionally used Windscribe's infrastructure and has since removed the compromised servers. The app is no longer available on the Google Play Store, where it had a five-star rating, as it is undergoing updates. Google has introduced a "Verified" badge to help users identify secure VPNs, but concerns about the quality control of apps on the Google Play Store persist.

AppWizard

August 19, 2025

Android VPN apps used by millions are covertly connected AND insecure

Recent research from Arizona State University and Citizen Lab has identified connections among three families of Android VPN applications with over 700 million downloads, raising concerns about user privacy and security. The analysis revealed three groups of VPN providers: 1. Group A: Eight apps from three providers sharing identical Java code and libraries, exhibiting vulnerabilities such as: - Collecting location data against privacy policies. - Using weak encryption methods. - Hard-coded Shadowsocks passwords that could allow traffic decryption. 2. Group B: Eight apps from five providers supporting only the Shadowsocks protocol, sharing libraries and hard-coded passwords, with all servers hosted by GlobalTeleHost Corp. 3. Group C: Two providers with one app each, using a custom tunneling protocol and sharing similar code, vulnerable to connection inference attacks. The research highlighted significant privacy breaches, including undisclosed location data collection and vulnerabilities that could allow eavesdroppers to decrypt communications. Alarmingly, these VPN providers are linked to Qihoo 360, a Chinese company that has concealed this connection, raising concerns about potential data sharing with the government due to China's strict laws. Additionally, the Tech Transparency Project found that many free VPN apps on the Apple App Store are also linked to companies in mainland China or Hong Kong without disclosing these ties.

AppWizard

July 22, 2025

Beware – Iran-linked fake VPN apps found to spy on Android users

Researchers have identified a new spyware campaign targeting Iranian users of Android VPN applications, specifically a revamped version of DCHSpy, which disguises itself as legitimate VPN services like Starlink. This campaign began shortly after the Israel-Iran conflict and coincided with increased VPN usage among Iranians facing internet restrictions. DCHSpy can collect sensitive user data, including WhatsApp messages, contacts, SMS, files, location information, call logs, and has the ability to record audio and capture images. The spyware is maintained by the hacking group MuddyWater, linked to Iran's Ministry of Intelligence and Security, and has been enhanced with new functionalities. Malicious VPN services EarthVPN and ComodoVPN are being used to spread the malware, following the previous use of HideVPN. Experts warn that hackers are distributing malicious APKs through trusted platforms like Telegram, increasing risks for Iranian citizens. Security analyst Azam Jangrevi advises caution when downloading apps, recommending verified app stores and mobile security solutions to detect threats like DCHSpy. For high-risk professionals, she suggests using hardware-based security keys and vetted encrypted messaging applications.

AppWizard

July 21, 2025

How Free Android VPNs Improve HTTP Security in App Development (2025)

The integration of a free Android VPN is essential for mobile application developers to protect sensitive communications by creating an encrypted tunnel between a user's device and a secure server. VPNs enhance HTTP security by encrypting data, making it unreadable to unauthorized entities. They use various encryption protocols such as OpenVPN, WireGuard, and IKEv2/IPSec to secure HTTP connections. Free Android VPNs are cost-effective for developers, allowing secure testing across regions, maintaining security during remote work, and protecting data integrity in app testing. While some free VPNs may compromise user privacy, reputable providers offer secure options with no-log policies. Five recommended free Android VPNs for developers in 2025 include X-VPN, Proton VPN Free, Windscribe, TunnelBear, and Hideme, each with specific features suited for secure app development. Best practices for using free VPNs include verifying VPN protocols, enabling a kill switch, regularly auditing security settings, and using dedicated VPN profiles for app testing.