For a multitude of reasons, VPN services have become an essential toolfor many users, in their daily life on the Internet. The two main reasons are, of course, privacy when we do not want the pages and web services to which we connect to know where we do it from, and security when using public networks. But, let’s not fool ourselves, another of the uses for which they have become especially popular is that they allow access to pages and services that are either not accessible from our country (as is the case with many sites in the rest of the world since Europe approved certain legal regulations), or they show different content depending on the place from which we connect (such as movie and series streaming services). But what happens if the same tools we use to protect ourselves hide flaws that put our privacy at risk? A recent study leaves us with more questions than answers.
Top10VPN, a site specialized in this type of services, has published an exhaustive analysis of 30 Most Popular Paid VPN Apps on Android. These services, whose apps have accumulated more than 732 million installations worldwide, were evaluated to measure their security and privacy. The findings reveal that, although many meet acceptable standards, several of them present vulnerabilities that could compromise users’ personal data.
Exposure of personal data
One of the main concerns was the exposure of personal data. The study revealed that some applications share user information in ways that could put their privacy at risk. These practices include the use of advertising tracking codes and the implementation of poor personal data management policies, which compromise the security of users.
Data leaks
The study also detected that many applications presented some type of data leak, although none of critical severity. The most common leaks include lack of SNI encryption, which can expose VPN usage, and DNS request leaks, which allow third parties to view queries made by the user. These issues could be exploited to identify usage patterns or even track online activities.
Outdated security protocols and weak encryption
The use of outdated protocols continues to be a recurring problem in several analyzed applications. Some did not use the latest version of TLS, which increases the risk of attacks during data transmission. Furthermore, the use of weak encryption algorithms limits the protection of information, potentially exposing sensitive data in critical situations.
Risky hardware and permissions
Another concern was the unjustified use of permissions and hardware in some applications. These requested access to resources such as location, camera or microphone, even though these functionalities were not necessary for the correct functioning of the service. This behavior raises questions about the true intentions behind these requests.
Recommendations
The study makes it clear that not all VPNs are the same. To choose a truly secure tool, users should look for apps with independent audits and transparent privacy policies. In addition, it is important to opt for those that use the most advanced security and encryption protocols.
In a market where trust is key, discovering that these services suffer from these types of problems is, to say the least, worrying. And yes, it is true that not all are the same, that there are services that we can consider quite safe. But, even so, those responsible should take good note and solve these problems to offer a totally reliable VPN service.
Source: www.muycomputer.com
