- Many free VPNs act as spyware, collects sensitive user information
- More apps abusing permissions that transform privacy into tracking systems
- VPN developers often justify excessive access with misleading security explanations
The growing popularity of free VPN apps has given mobile users an easy path to privacy – but new evidence also suggests that many of these apps may do the opposite of what they promise.
Research from Zimperium Zlabs has demanded a large part of free VPNs for Android and iOS requesting excessive permissions, using outdated code and can expose users to risks at the monitoring level.
Despite the extent of the results, the report did not reveal which apps were involved, which left users on their own caution when choosing what they think is the best free VPN service.
A VPN app must encrypt and protect network traffic, but many of these analyzed show behavior that contradicts this purpose.
Some request Android’s permission for “Read_Logs” which allows them to view system -covering activity, potentially giving them access to usernames, passwords and personal messages.
This ability transforms them effectively into spyware capable of keylogging and avoiding detection of mobile threat.
Others are looking for iOS permissions such as “Location_always”, providing 24-hour GPS tracking that enables continuous monitoring of a user’s movements.
These permits, which have no legitimate use in a VPN, can be combined with traffic data to create detailed profiles of a person’s online and offline habits.
Zimperium’s analysis found many cases where free VPN apps requested “private rights” which provide deep access to a device’s operating system.
Such privileges can let an app run code, extract sensitive data or gain control over the device and create serious privacy and security risks.
Some apps also use outdated Openssl libraries that are still vulnerable to the heartbeat -Bug from 2014, showing that many developers even neglect basic patching standards.
Others do not validate certificates correctly and expose users to man-in-mid-attack that allows the interception of allegedly safe traffic.
Researchers also found VPN -Apps requesting permissions as “Use_local_network.”
This allows them to map devices near a Wi-Fi network, a feature that is better suited for malware than security software.
Developers sometimes justify such access by claiming that it improves “Connection Troubleshooting”, but in practice it allows device scan and reconnaissance of networks.
Several apps can even catch screenshots and expose user data visible on the screen.
With hundreds of VPNs found to present such risks, the difference between safe and uncertain tools becomes critical.
Unfortunately, Zimperium refused to share the list of these VPNs, so users need to approach free VPNs with skepticism.
They should also favor providers who review independent audits, clearly reveal their privacy policy and avoid intrusive permits.
Follow Techradar on Google News and Add us as a preferred source To get our expert news, reviews and meaning in your feeds. Be sure to click the Follow button!
And of course you can too Follow Techradar at Tiktok For news, reviews, unboxings in video form and get regular updates from us at WhatsApp also.
