CALL US

+91 9116117170

Critical vulnerabilities in Top Free VPN apps on Google Play store | Cyberops

Critical vulnerabilities in Top Free VPN apps on Google Play store

By Aneesh A S 0 Comment March 4, 2020

Android users using free VPN apps installed from the Google Play Store might want to reconsider their decision after research from the site Top10VPN revealed that at least one in five of the most popular 150 free VPN apps in the playstore could be a possible source of malware, while a quarter of the apps contain privacy-compromising bugs such as DNS leaks.

These apps have over 260 million installations globally thus affecting millions of users privacy and concerns over their data.

Major flaws

The study conducted by the head researcher Simon Migliano of Metric Labs at Top10VPN.com, discovered that four VPN apps leaked WebRTC data (a real-time communications protocol for browsers). Two other apps leaked DNS data, IP addresses and WebRTC data.

These 150 apps were also scanned using Google’s VirusTotal site and it was identified that 27 of these apps are flagged as potential source of malware.

Nearly 66 percent of these apps asked for permission from users which are categorized as ‘dangerous’ by the official Android developer documentation. 25 percent of these apps asked for permission to track users location, while 38 percent requested access to personal information. There were also a few apps that wanted to use the device’s camera and microphone.

High security risk apps with critical vulnerabilities :

The following apps have critical vulnerabilities that opens them to dangerous attacks known as man-in the middle (MITM) attacks.

  • SuperVPN Free Vpn Client  – 100M installs
  • TapVPN Free Vpn – 10M installs
  • Best Ultimate VPN – 5M installs
  • Korea VPN – 1M installs
  • Wuma VPN-PRO ( removed from Play Store)
  • VPN unblocker Free unlimited – 1M installs
  • VPN Download  ( removed from Play Store)
  • Super VPN 2019 USA – 50,000 installs
  • Secure VPN Free Unlimited Vpn ( removed from Play Store)
  • Power VPN Free Vpn ( removed from Play Store)


Though some of these insecure VPN apps were recently removed from the Play Store, the researchers still advise users to remain careful. 

error: Content is protected by Cyberops !!