A new one It claims that despite claiming to be an independent provider, there are 18 secret connections in the 100 easiest virtual private network (VPN) apps on the Google Play Store. This paper does not sue any of our options but the services it surveyed were popular, with 700 million collective downloads downloaded on Android alone.
The study, published in the Journal of Privacy Enhancement Technology, not only found that the VPNs involved failed to reveal behind-the-scenes relationships, but their shared infrastructure contained serious security flaws. Notable services like Turbo VPN, VPN proxy guru, and X-VPN were found to be vulnerable to attacks that can expose users to browse activities and inject corrupted data.
The paper was inspired by “Hidden Links: Analyzing the Secret Family of VPN Apps” several VPN companies are finding that they are selling multiple apps without determining the connection between them. This prompted the “hidden link” researchers to ask whether relationships between secretly shared VPNs can be systematically documented.
Starting with the list of the most downloaded VPNs on Android, researchers aggregated the data from each VPN’s business paperwork, network presence and code base and filtered the connections through it. Mainly by identifying suspicious similarities in the code, they were able to divide 18 VPN applications into three groups.
family Consisting of Turbo VPN, Turbo VPN Lite, VPN Monster, VPN Proxy Master, VPN Proxy Master Lite, Snap VPN, Robot VPN and Supernet VPN. Discover these are shared among the three providers – innovative connections, lemon diced cubes and autumn breezes. These three a company located in mainland China, was identified as a “Chinese Military Company” .
Family b It consists of global VPN, XY VPN, Super Z VPN, Touch VPN, VPN Promaster, 3X VPN, VPN INF and Melon VPN. These eight services are shared among five providers, all using the same IP address of the same hosting company.
Family c Consisting of X-VPN and Fast Potato VPN. Although the two apps come from another provider, the researchers found that both use very similar code and include the same custom VPN protocol.
If you are a VPN user, this study should be related to you for two reasons. The first issue is that the company that is commissioned by your private activities and personal data is not honest about its location, owning them or possibly sharing your sensitive information with whom. Even if their apps are perfect, this will be a serious breach of trust.
But their app is far from perfect, and that’s the second problem. All 18 VPNs in all three homes use the Shadowsocks protocol with hardcoded passwords, which makes them easy from the server side (can be used for malware attacks) and from the client side (can be used for eavesdropping in web activities).
Ultimately, VPN providers are dishonest about their background, and VPN clients running on Slapdash infrastructure are symptom of the same problem: these apps are designed to be something other than keeping you safe online. Since all 18 are listed as unrelated products, it is obvious that the app store is not an effective defense. “Hidden link” paper makes it more necessary Instead of reviewing it first, just use a free VPN supported by a paid subscription, Like Proton VPN.
