Check If Your Android VPN Is Collecting Personal Data [updated]

If you are like most people, you will probably find an application that you want to install on your smartphone, download it and install it without even thinking about what permissions it requires from your device. We believe this is especially true for VPN applications , because you are probably already assuming that some other service will see all the unencrypted data that you send back and forth. This is not to say that you shouldn’t be mindful of what else these apps want; the last thing you need is an application that should protect your identity from the leakage of important information.

“Safe” and “dangerous” application permissions

The most secure VPNs from a device perspective are the ones that require access to as few of your device’s features as possible.

While you will find many VPN apps that ask for one or two permissions, not all permissions are the same. The official Android developer site classifies certain permissions as “dangerous”, which means that they could potentially be used to use your device’s operating system or access personal data stored on it.

Unlike “safe” permissions, which the device automatically grants in the background, dangerous prompts must always be granted by the user, either during the installation of the application or the first time a particular feature is used in the application. Examples include: accessing and storing data on your phone’s internal storage; access to your camera or microphone; and access to call logs, contacts and network information.

To put this in perspective, we turn to an earlier study by the Australian Research Organization Australia Union, which highlights the different kinds of permissions that are requested by different types of Android VPN apps. While you probably shouldn’t worry too much if your VPN app requires any internet or network-related permissions, if it wants to read or write SMS messages – a blowout – it should come as a surprise.

Worse, the same study showed these unfortunate statistics:

“While 67% of identified VPN apps for Android offer services to improve online privacy and security, 75% of them use third-party tracking libraries and 82% ask for permissions to access sensitive resources, including user accounts and text messages.” …

The key point here is to pay attention to what permissions are being requested and only grant those permissions that make sense for the application (s) in question – do not absentmindedly approve of all permission requests that appear on your screen. A regular VPN app probably doesn’t need access to your SD card storage in order to read and write data, nor does it need to spy on your contacts.

Ultimately, as noted in a 2017 Wired article, chances are good that the VPN app you downloaded is more fraudulent than legitimate, especially if it’s free. (An exception is Cloudflare’s 1.1.1.1 when its ” Warp ” VPN debuts for everyone.) Your best bet is to pay for a legitimate VPN service with strict privacy controls, or run your own VPN (either through your router if it’s built-in or OpenVPN ).

How to check and change app permissions on Android

If you’ve ever wondered what your Android VPN or any other app can access on your phone, here’s how to check it:

  1. Tap and hold an application icon, then tap the Application Info icon.
  2. Click Permissions.
  3. You will then see a list of all the permissions requested by the app and which ones have been approved by you or the Android OS. You can change each resolution by tapping the slider next to it.
  4. Alternatively, you can open the Settings app and select Apps & Notifications> Advanced> App Permissions. Tap certain types of permissions to see which apps can access them. From here, you can revoke previously granted access by tapping the slider next to the app name.

Be aware that changing app permissions may cause the app to not function properly or disable key features.

Plus, you don’t have to download and install an app to see what permissions it asks for: both Google Play and the Amazon app store list the permissions requested by the app on their store page. If you spot anything fishy, ​​read user reviews or search the web to see if permission is needed, and skip any apps with permissions that you are not comfortable with.

Finally, using a reliable antivirus app can help catch malicious apps (many of which disguise themselves as fake VPNs) before they are installed on your device.

June 20, 2019 update: This article originally quoted TheBestVPN.com’s list of potentially dangerous VPNs for Android. However, the PCMag report revealed inconsistencies with the identities, credentials, and business connections of TheBestVPN founder and employees, which casts doubt on the legitimacy of the website’s information. In light of this report, we have updated this post with new information and links, and have removed all links to TheBestVPN and its recommendations.

More…

Leave a Reply