The company’s researchers analyzed 150 VPN apps present in the Google app store and that had accumulated more than 260 million downloads. According to Simon Migliano, Head of Research at Top10VPN, out of the total programs examined, 38 of them tested positive for “DNS leaks”. This means that these applications send data to DNS servers from your IP, in an unencrypted communication.ADVERTISING
In addition, four analyzed VPNs have WebRTC leaks, and two others are true “security sieves”, with DNS, WebRTC, and IP address leaks.
Top 10VPN experts also found that 99 out of 150 VPNs examined ask for access permissions classified as “dangerous”. 25% of them request access to the user’s physical address and another 38% ask for personal information. Three of them, for example, still ask for access to the smartphone’s camera, three want to view their contacts, seven want their Bluetooth connection and two want the microphone and the cell phone’s calendar. In other words, these are permissions that no app of this kind should request, considering that this data has no influence on their operation.
Furthermore, 103 of the 150 VPNs were able to perform connection tests, but 38% of them show important anomalies. Of that total, 14% of these apps used DNS servers included in relevant blacklists. This means that the VPN may not be able to access certain websites, which is illogical, considering that the function of this type of technology is precisely to access pages that we would not normally be able to.
Another factor noted by the researchers is that more than half of the VPNs tested had stability issues, including data packet loss or excessively high latency.
In terms of “malware”, the people at Top10VPN stated that the codes of all applications were scanned using the VirusTotal solution. And the results show that 18% of the apps (27 in total) tested positive for viruses or other types of malware. In addition, 45 of them were able to obtain the IMEI, nine were able to access the phone number and four were able to send SMS messages using the user’s number.