Your Free VPN App May Be Spying on You.
You may do everything you can to protect your online privacy by using tools like multi-factor authentication , a secure password manager, and a VPN, but unfortunately, not all privacy-focused apps and services actually deliver on their promises. In its November scam alert, Google warned users about VPN apps and extensions that appear legitimate but are actually malware carriers.
VPNs can actually be spyware.
A VPN, or virtual private network, significantly hinders tracking of your internet activity by rerouting your traffic through a different connection than your regular internet service provider. This hides your IP address, location, and browsing data, protecting your information and devices from hackers.
According to Google, malicious VPN services (posing as legitimate) deliver data-stealing malware, remote access Trojans, and banking Trojans to user devices once installed, allowing hackers to access sensitive personal data such as browsing history, financial data, and cryptocurrency wallet information. This means the app you use to protect your privacy could be doing the exact opposite. Cybercriminals exploit users’ trust in these services by creating apps that look and function like legitimate VPNs, but are actually dangerous spyware.
How to keep your VPN secure
Like any other app or extension, download and install a VPN only from an official source, such as the Google Play Store. While malware can sometimes infiltrate your system, this is generally safer and more reliable than downloading it via a messenger or other untrusted website.
In January 2025, Google launched a VPN verification process to help users identify trustworthy VPN apps in the Google Play Store. To receive the “Verified” badge, VPN apps must pass the Mobile Application Security Assessment (MASA) Level 2 review and agree to independent security audits. Badges are awarded only to VPNs that have been published for at least 90 days, have reached 10,000 installations, and have 250 user reviews.
Of course, this system isn’t perfect either: as TechRadar reported earlier this year , a popular (free) Chrome VPN extension was flagged and later found to be spying on users. That’s why you should rely on a reputable VPN service , which means you’ll likely have to pay for it. Free VPNs are far more likely to be a privacy nightmare, like any app that sounds too good to be true. You won’t get unlimited data for free without sacrificing something .
Finally, carefully review your VPN permissions and grant the minimum access necessary for the app or extension to function. (This should be done with any downloaded app, and you should also regularly check apps to remove unnecessary permissions.) You can check your VPN service’s support pages to see which permissions are essential. For example, this shouldn’t include access to your contacts, camera, microphone, or photos.