Published in News

Popular free mobile VPNs could be a Chinese spying scam

by on22 January 2019


Free services might be giving your data away


The top free VPN services might be a front for evil Chinese spying antics or dodgy sales.

Hacker Noon did some digging among the top free VPN apps in the App Store and Google Play Store and found that very few of these hugely popular apps do anywhere near enough to deserve the trust of those looking to protect their privacy online.

The apps come from obscure and highly secretive companies that make a deliberate effort to obscure their information from consumers.

The VPN apps have been downloaded tens of millions of times from the world’s biggest app marketplaces, yet there is little-to-no information for users about the companies behind them and what they are doing with the huge volume of sensitive traffic that passes through their servers every day.

Most of the apps have insufficient formal privacy protections and non-existent user support.

Nearly 60 percent of the apps studied ultimately have Chinese ownership or are based in China, despite its strict ban on VPNs and its notorious internet surveillance regime. This suggests that the apps exist with Chinese government approval.

The Chinese-owned VPNs have been downloaded by users in the US, UK, Latin America, Middle East, and Canada. Three of the apps — TurboVPN, ProxyMaster and SnapVPN had linked ownership.

In their privacy policy, they note: “Our business may require us to transfer your personal data to countries outside of the European Economic Area (“EEA”), including to countries such as the People’s Republic of China or Singapore.”

One of the apps, VPN Patron, is owned by IST Media, a Hong Kong-based company that markets itself in China as a mobile advertising company that monetises users’ internet behaviour.

More than 64 percent of these providers have no dedicated website or web presence, and over half of listed support emails were personal accounts such as Gmail or Yahoo addresses. Over 80 percent of customer support requests were ignored.

Legitimate VPNs, whether they are free or subscription-based, typically have detailed privacy policies that outline their practices and preclude them from monitoring and logging their users’ web traffic.

Most popular free VPN apps for mobile have nothing resembling this in their policies, and many have no policy at all. This highlights a disconcerting ambiguity about what is happening to huge volumes of user data and raises concerns that millions of users around the globe are allowing unknown and potentially hostile entities to access their web traffic.

More than 86 per cent of these apps hosted on the App Store and Google Play had substandard privacy policies that were dangerously lacking or even invasive to user privacy.

Some of these apps grant full access to users’ internet traffic, track users, and send data to Chinese third-parties. Data-points collected from users include websites visited, IP address (including user location), time and duration of browsing, independent device identifiers, email addresses, and more. Yet users are routing their entire mobile internet traffic through servers operated by these companies, most of whom offer no protection against the misuse of this data.

Hacker Noon thinks that Apple and Google are to blame for allowing these VPN's to flog their wares in their stores.

Last modified on 23 January 2019
Rate this item
(0 votes)