Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.
"Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal.
The researcher says he analyzed the top 20 free VPN apps that appear in searches for VPN apps on the Google and Apple mobile app stores, for both the US and UK locales.
He says that 17 of the 30 apps he analyzed (10 apps appeared on both stores) had formal links to China, either being a legally registered Chinese entity or by having Chinese ownership, based on business registration and shareholder information Migliano shared with ZDNet.
"Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support," Migliano said.
In addition, 64 percent of the apps also didn't bother setting up a dedicated website for their VPN service, operating strictly from the Play Store.
The results of this study should worry VPN users, from both a privacy standpoint, but also from a technical and professional point of view.
The study's results are also worrisome especially for businesses that use these apps internally or have employees who use the apps without prior approval.
Data exchanged via these VPNs, some of which may be company trade secrets, may end up being logged, and in the worst case scenario logged on Chinese servers, where it may be at the disposal of Chinese authorities, which have a long and well-documented history of hacking, favoring, and helping local businesses at the expense of foreign competitors.
In addition, China has also enacted strict regulation in the past two years that has clamped down on VPN services and has forced local VPN providers to register with state authorities in order to obtain a license to operate in the country.
Due to its lack of legal boundaries and heavy-handed authoritarian mode of operation, the Chinese state has now a firm grasp on any VPN providers located inside its borders.
According to Migliano, users and companies should rethink their approach of using some of the above-listed apps, on both the grounds of the operator being under the possible influence of the Chinese authoritarian regime, but also due to some of these VPN provider's poor to privacy policies, a sign that they don't really value customer privacy as well.
Migliano's report, available here, lists all the problems he discovered with each of the 30 VPN apps in finer detail.