VPN - can you trust your Android VPN client?

Discussion in 'VPN' started by sfx2000, Jan 26, 2017.

  1. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    11,109
    Location:
    San Diego, CA
    Interesting read from HelpNetSecurity

    https://www.helpnetsecurity.com/2017/01/26/trust-android-vpn-client/

    A group of researchers has analyzed 283 Android apps from Google Play that use the Android VPN permission in search of possible malware presence, third-party library embedding, and traffic manipulation, and have discovered that:

    • 18% of the apps implement tunneling protocols without encryption (despite promising online anonymity and security to users)
    • 84% of the apps don’t tunnel IPv6 traffic, and 66% don’t tunnel DNS traffic for a variety of reasons, thus exposing users to online tracking by surveillance agencies or commercial WiFi access points
    • 75% of the apps use third-party tracking libraries and 82% request permissions to access sensitive resources (e.g. user accounts, text messages)
    • VirusTotal identified malware presence in 38% of the analyzed apps
    • 18% of the apps do not mention the entity hosting the terminating VPN server
    • 16% of the apps may forward traffic through other participating users rather than use servers hosted in the cloud (and this raises a number of trust, security, and privacy concerns for participating users)
    • 16% of the apps deploy non-transparent proxies that modify user’s HTTP traffic. In fact, two of them actively inject JavaScript code into the user’s traffic for advertisement and tracking purposes, and one of them redirects e-commerce traffic to external advertising partners.
    • Four of the analyzed VPN apps compromise users’ root-store and actively perform TLS interception, ostensibly in order to optimize traffic to certain services.
     

  2. staticfree

    staticfree Regular Contributor

    Joined:
    May 14, 2009
    Messages:
    81
    Since I recently loaded the OpenVPN app on my cell phone, I too had (as always) in the back of my mind the question of whether or not these apps had any spyware or viruses embedded in them. I chose the OpenVPN app and when first executed, it did pop up a screen with settings prompting you to either enable or disable the app's access to much of your personal and private data like contacts, email, phone calling, camera and microphone, location, etc. I selected to not allow all but the "My Location" info. But who knows if it really disables this in the background. Anyway, this article is no surprise but it is completely useless when they don't back up their findings to identify and tell us what apps they tested and found vulnerabilities with. I wish they'd list and name the apps so we can decide which ones are safest and which ones to avoid.
     
  3. doczenith1

    doczenith1 Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    203
    Location:
    Lansing, MI
    Do a search on the web. I've had 3 articles related to this study come through my Google Now feed. One or two of them listed 5-7 apps that I believe Google has removed from the Play Store.
     
  4. Atul

    Atul New Around Here

    Joined:
    Jan 16, 2017
    Messages:
    5
    Location:
    New York
    Better download a legitimate VPN app. As far as we see in the Android Play Store, yes, there is much bloatware. Still, there are some good sorts of apps which provide you 100% security.
     
