🟠 High  |  Source: The Hacker News


A study of 281 popular free Android VPN apps found that many fail at their core purpose: keeping user traffic private. Problems include traffic leaks outside the VPN tunnel, unencrypted data transmission, and embedded tracking. Apps with at least one identified flaw have been collectively installed over 2.4 billion times, making this a widespread consumer and enterprise risk.

Security Architect’s Take: Prohibit or formally assess the use of free consumer VPN apps on any device that accesses corporate resources — this research confirms they frequently lack basic security controls. If employees use personal Android devices under a BYOD policy, update your acceptable use policy and mobile device management (MDM) controls to block or flag unapproved VPN applications.

Original advisory: Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking