Go to top of page

Be careful when using mobile VPN apps

Priority Level: 
Moderate
30 January 2017

You are advised to be careful when using mobile VPN apps after an analysis found several VPN apps developed for the Android operating system had security and privacy issues.

According to the CSIRO's digital research unit, Data61, millions of users worldwide are turning to mobile VPN apps to hide browsing or for securing data when using public Wi-Fi networks.

However, a report prepared by Data61 with the University of New South Wales and the University of Berkeley reveals the risks of using many VPN apps developed for Android (an operating system that runs on many mobile devices such as smartphones and tablets).

The analysis of 283 Android VPN apps found that 18 percent failed to encrypt users' traffic while 38 percent injected malware (malicious software designed to damage or gain access to user's information).

In addition, more than 80 percent of the apps asked to access sensitive data such as user accounts and text messages.

"While most of the examined apps offer (some form of) online anonymity, some app developers deliberately sought to collect personal user information that could then be sold on to external partners," the blog post says.

The researchers said they had shared the findings with the developers of the apps they had reviewed. Several developers acted to fix the issues identified, while some apps were removed from the Google Play online store.

Data61 Professor and Senior Principal Researcher in Online Privacy and Security, Dali Kaafar recommends people looking to use mobile VPN apps take several steps before signing up to a particular app:

  • shop around
  • compare functionality and
  • read reviews.

 "Always pay attention to the permissions requested by apps that you download," Mr Kaafar says. "This study shows that VPN app users, in particular, should take the time to learn about how serious the issues with these apps are and the significant risks they are taking using these services."

The full report is available here.

More information

The Australian Communications and Media Authority has released a guide for consumers to apps and in-app purchases.

Stay Smart Online has provided information and Alerts on malicious apps.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.