VPN apps

AppWizard
November 26, 2025
Android users are facing a threat from counterfeit VPN applications that disguise themselves as privacy-enhancing tools but contain malware capable of compromising personal information and security. These fake VPNs mimic reputable brands and use misleading advertisements to appear legitimate. Once installed, they can steal passwords, messages, and financial data, and may even lock devices with ransomware. Google advises users to download VPNs only from trusted sources, look for verification badges, review app permissions, be cautious of free offers, research developers, and avoid scare tactics in marketing. Legitimate VPNs should not request access to personal contacts or photos and should only require network-related permissions.
AppWizard
November 14, 2025
Google has warned Android users to be cautious when downloading applications from the Google Play Store, particularly those pretending to be VPN services, as they may contain malware. This warning is prompted by new age verification laws in the UK and Italy, which have led minors to seek VPN apps to bypass adult content restrictions, creating an opportunity for cybercriminals to offer fake VPN services. These fraudulent apps can deploy various types of malware, including info-stealers and banking trojans, compromising personal data and financial credentials. Google highlighted that threat actors use sophisticated advertising strategies to distribute these malicious applications, often impersonating trusted brands or using social engineering tactics. To protect against these threats, users are advised to download VPN services only from reputable sources, avoid apps promoted through ads, and pay attention to app permissions. Google Play Protect and a special VPN badge can help identify legitimate apps.
AppWizard
September 11, 2025
Recent research has identified that 20 free VPN applications on Google Play share the same underlying code and a common vulnerability that compromises user data encryption. The study, conducted by researchers from Bowdoin College and Arizona State University, analyzed these apps, which have over 700 million downloads and generate revenue through ads while offering minimal value to users. Notable VPNs included in the study are Tetra VPN, VPN PotatoVPN, and VPN Proxy Master. These applications may mislead users into thinking they have diverse options, but they provide a uniform experience. Additionally, there are concerns about potential vulnerabilities that could expose private data and possible ties to China, a country known for weak privacy protections. The examined VPNs include Turbo VPN, VPN Monster, Snap VPN, and others. In contrast, established VPNs like Proton VPN and NordVPN are noted for their reliability and security.
AppWizard
September 4, 2025
A report by researchers at the University of Toronto’s Citizen Lab and Arizona State University reveals significant vulnerabilities in several Android VPN applications on the Google Play Store, indicating that many are owned by a Chinese company and mislead consumers about their ownership. The study analyzed the 100 most-downloaded VPNs not based in the U.S. and identified three families of providers with shared technical infrastructures and security flaws. Family A includes eight VPNs linked to providers like Innovative Connecting, which have a hard-coded key for Shadowsocks, allowing eavesdroppers to decrypt communications. Family B consists of six providers, including Global VPN, also using hard-coded passwords for Shadowsocks, raising concerns about anonymity. Family C includes providers like Fast Potato VPN, vulnerable to traffic manipulation attacks. The researchers suggest that the obscured ownership of these VPNs may be a strategy to mitigate reputational risks. They also highlight the responsibility of platforms like Google to vet the security of applications, noting that hosting insecure apps could damage Google's reputation. Users are advised to conduct thorough research and choose reputable VPN services.
AppWizard
September 3, 2025
A study has found that three families of VPN clients on Google Play share identical infrastructures and codebases, despite appearing as separate apps. Over 20 of the most downloaded VPNs are interconnected, misleading consumers and compromising security due to shared vulnerabilities that can expose user traffic to hackers. Some of these applications are linked to entities in Russia and China, raising concerns about data privacy. A list of affected VPN apps includes Turbo VPN, VPN Monster, Snap VPN, and others. Users are advised to be cautious and consider alternative VPN options.
AppWizard
September 2, 2025
Researchers from Citizen Lab discovered that over 20 popular Android VPN applications, collectively downloaded 700 million times, are interconnected through undisclosed ownership ties. These applications, marketed as independent privacy solutions, share codebases, servers, and encryption vulnerabilities. The VPN providers are categorized into three families linked to a Russian entity, a Chinese company, and another with ambiguous origins. Apps like Turbo VPN, X-VPN, and UFO VPN share cryptographic keys and backdoors, increasing the risk of man-in-the-middle attacks. Many applications use outdated encryption methods, making it easy for attackers to decrypt user traffic. Some apps route user data through servers in jurisdictions with lax privacy regulations, exposing sensitive information. The investigation revealed identical backend infrastructures among different apps, despite claims of no-log policies, breaching user trust. Hidden trackers within the apps contradict their privacy assurances. Regulators are beginning to respond, with Google removing problematic apps and the EU considering stricter data access regulations. Experts recommend choosing vetted, paid VPN services that undergo independent audits to ensure better security.
AppWizard
August 24, 2025
A study by Arizona State University and Citizen Lab found that three families of Android VPN apps, with over 700 million downloads, have significant security vulnerabilities. Apple has released a fix for a zero-day vulnerability (CVE-2025-43300) that was being exploited in targeted attacks. Researchers from the University of Melbourne and Imperial College London developed a method using lightweight large language models to improve incident response planning. The FBI and Cisco warned about a Russian threat group exploiting an old Cisco vulnerability (CVE-2018-0171) to compromise critical infrastructure. Fog Security researchers discovered a flaw in AWS’s Trusted Advisor tool that could mislead users about the security of their data. AI is now being used in security operations centers to reduce alert noise and assist analysts. U.S. federal prosecutors charged an individual linked to the Rapper Bot DDoS botnet. Nikoloz Kokhreidze discussed the strategic choice between hiring a fractional or full-time Chief Information Security Officer for B2B companies. Commvault patched four vulnerabilities that risked remote code execution. Jacob Ideskog highlighted security risks posed by AI agents. VX Underground released an exploit for two SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999). Healthcare organizations are preparing for new password security risks in 2025 that may threaten HIPAA compliance. Researchers identified a spear-phishing campaign using the Noodlophile infostealer. Financial institutions are increasingly using open-source intelligence tools to combat money laundering. Greg Bak discussed security risks for DevOps teams in the cloud. NIST released guidelines for detecting morph attacks. Organizations face six challenges in implementing machine learning and AI security. Recep Ozdag discussed vulnerabilities in airport and airline systems. Google introduced new AI and cloud security capabilities at the Cloud Security Summit 2025. 
Cybersecurity myths continue to complicate the security landscape. LudusHound is an open-source tool that replicates an Active Directory environment for testing. Buttercup is an AI-powered platform for automated vulnerability management in open-source software. The book "Data Engineering for Cybersecurity" addresses challenges in managing logs and telemetry data. A selection of current cybersecurity job openings has been compiled. A forthcoming webinar will discuss AI and SaaS security risks. The iStorage datAshur PRO+C is a USB-C flash drive with AES-XTS 256-bit hardware encryption. New infosec products were released by companies such as Doppel, Druva, LastPass, and StackHawk.
AppWizard
August 22, 2025
Recent investigations by Arizona State University and Citizen Lab have revealed that several popular Android VPN applications are linked to entities in mainland China and Hong Kong, raising security concerns. These apps, which have millions of downloads, share ownership and infrastructure, and exhibit significant security flaws, including the collection of location data against privacy policies, outdated encryption methods, and hard-coded passwords that could compromise user traffic. One company manages all VPN servers for a second group of apps, while a third group is vulnerable to connection interference attacks. Notably, these VPN providers are connected to Qihoo 360, a Chinese company flagged as a potential national security threat, with ties to the Chinese military. The Tech Transparency Project reported that millions of Americans have downloaded apps that route internet traffic through Chinese companies, with one in five of the top 100 free VPNs in the U.S. App Store in 2024 being covertly owned by Chinese firms. Some VPNs have targeted younger audiences through social media ads, raising concerns about their marketing strategies. Qihoo 360 has been sanctioned and is on the Commerce Department’s Entity List, emphasizing the national security risks associated with these services. Users are advised to research their VPN providers to avoid affiliations with the Chinese Communist government.
AppWizard
August 19, 2025
Recent research from Arizona State University and Citizen Lab has identified connections among three families of Android VPN applications with over 700 million downloads, raising concerns about user privacy and security. The analysis revealed three groups of VPN providers:
1. Group A: Eight apps from three providers sharing identical Java code and libraries, exhibiting vulnerabilities such as:
   - Collecting location data against privacy policies.
   - Using weak encryption methods.
   - Hard-coded Shadowsocks passwords that could allow traffic decryption.
2. Group B: Eight apps from five providers supporting only the Shadowsocks protocol, sharing libraries and hard-coded passwords, with all servers hosted by GlobalTeleHost Corp.
3. Group C: Two providers with one app each, using a custom tunneling protocol and sharing similar code, vulnerable to connection inference attacks.
The research highlighted significant privacy breaches, including undisclosed location data collection and vulnerabilities that could allow eavesdroppers to decrypt communications. Alarmingly, these VPN providers are linked to Qihoo 360, a Chinese company that has concealed this connection, raising concerns about potential data sharing with the government due to China's strict laws. Additionally, the Tech Transparency Project found that many free VPN apps on the Apple App Store are also linked to companies in mainland China or Hong Kong without disclosing these ties.
AppWizard
July 22, 2025
Researchers have identified a new spyware campaign targeting Iranian users of Android VPN applications, specifically a revamped version of DCHSpy, which disguises itself as legitimate VPN services like Starlink. This campaign began shortly after the Israel-Iran conflict and coincided with increased VPN usage among Iranians facing internet restrictions. DCHSpy can collect sensitive user data, including WhatsApp messages, contacts, SMS, files, location information, call logs, and has the ability to record audio and capture images. The spyware is maintained by the hacking group MuddyWater, linked to Iran's Ministry of Intelligence and Security, and has been enhanced with new functionalities. Malicious VPN services EarthVPN and ComodoVPN are being used to spread the malware, following the previous use of HideVPN. Experts warn that hackers are distributing malicious APKs through trusted platforms like Telegram, increasing risks for Iranian citizens. Security analyst Azam Jangrevi advises caution when downloading apps, recommending verified app stores and mobile security solutions to detect threats like DCHSpy. For high-risk professionals, she suggests using hardware-based security keys and vetted encrypted messaging applications.