- Security researchers found Russian network fingerprints on 12 free VPNs available on Google and Apple’s App stores and Chinese tracks on six
- Five of these VPNs also meant to have ties with a Shanghai-based firm is assumed to have connections with the Chinese military
- While network fingerprints do not necessarily signalize Chinese or Russian ownership, experts advise caution
Twelve free VPN services available on the official Google Play and Apple App Store may have connections with Russia and six with China.
These are the results of security researchers at Comparitech, who analyzed 24 VPNs and found Russian and Chinese network fingerprints in a total of 12 apps. Two of them (Turbo VPN, VPN Proxy Master) also include Chinese or Russian SDKs (software development sets), which according to experts “are clear indicators that SDK was deliberately gathered in the app.”
Experts are based on the team’s work on the Tech Transparency Project, which in April revealed this millions Of free VPN users across 20 apps may have sent their data to China without knowing it. On that occasion, experts found that Turbo VPN and VPN Proxy Master together with three additional services (Thunder VPN, SNAP VPN and Signal Secure VPN) have tapes with a Shanghai-based company assumed to have connections with the Chinese military.
Despite these traces that do not necessarily signal Russia or China’s ownership, experts advise the current users to exercise caution regarding their data protection.
“China and Russia both force domestic-owned VPNs to register with the government and comply with local laws, which can affect users’ privacy. For this reason, no Chinese or Russian VPN can offer a reliable ‘no-logs’ service that is the only type of VPN we recommend,” researchers wrote.
What apps are affected?
The affected VPN apps can be divided into three groups:
- Six communicates with Chinese domains: Signal Secure VPN (Android), Turbo VPN (Android), VPN Proxy Master (Android), Snap VPN (Android), NOW VPN (iOS) and Ostrich VPN (iOS)
- Eight Android -Apps communicate with Russian IP addresses: Quarkvpn, VPNIFY, Signal Secure VPN, Turbo VPN, VPN Proxy Master, Snap VPN, VPN Free and Proxy Master
- Four iOS -Apps communicate with Russian domains: Nowvpn, Wirevpn, FastVPN Super, VPN – Fast VPN Super with Apple.com -domains hosting in Russia, but only the latter two have other third -party Russian domains.
Four Android VPN (Signal Secure VPN, Turbo VPN, VPN Proxy Master and SNAP VPN) have connections with both Chinese and Russian domains.
All in all, “Apple does not show any of VPN apps that communicate with third-party Russian domains on their Android versions. Based on this, Apple seems more strict to remove Russia-connected VPNs than China-bound,” experts wrote.
What does it mean for your privacy?
While the best VPN services promise to increase online privacy life by encrypting your online communication and working with strict policies without log, both China and Russia impose greater control and data storage requirements on domestic VPNs.
As mentioned earlier, the traces that scientists found do not necessarily have Chinese and Russian ownership. Still, “it can be an indicator of potential ties, especially when combined with other signals,” such as a Chinese or Russian SDK, releases metadata or similar behavior.
At practical level, this means that the app can route some data or logs via servers located either in China or Russia. Foreign SDKs could especially signal deeper control or development origin, according to experts.
As a rule of thumb, you should avoid non-verified free VPN apps, regardless of their ownership as they can make you vulnerable to all sorts of privacy and security risks from invasive ad-tracking to malware and even foreign surveillance.
If you are looking for a secure freebie, I recommend checking our updated free VPN guide, with Privado VPN, Proton VPN and Windscrib VPN, which is the top choice of the day. If you are willing to go premium, NordVPN Techradar’s best -rated service is at the time of writing.
