Skip to main content
  1. Home
  2. Phones
  3. News

Your free mobile VPN is a privacy disaster. Go figure

Android's free VPNs are somehow worse than you expected

Add as a preferred source on Google
VPN
VPN Unsplash

The free VPN app you downloaded for your Android phone might be doing more harm than good. A recent large-scale audit of free Android VPN apps has shared some worrisome findings that justify some healthy suspicion. Researchers found these apps leaking traffic, sending identifying information to third parties, and basically the opposite of what a VPN is supposed to do.

The study comes from researchers at the University of Michigan, the University of New Mexico and IIT Delhi. Their findings were presented at the Network and Distributed System Security Symposium 2026 alongside MVPNalyzer, a framework designed to audit mobile VPN apps automatically and at scale.

Some VPNs could barely manage the V

The researchers tested 281 operational, general-purpose VPN apps that could be downloaded and used for free from the Google Play Store. The sample was assembled from VPN-related searches across supported countries before the apps were tested on Android 14 devices. Services that required an account or payment were excluded from the study.

Recommended Videos

Among those apps, 61 transmitted some data without encryption. Five sent sensitive VPN configuration files in cleartext, potentially allowing an attacker on the network to redirect a user toward a server they controlled. Another 29 leaked browser or DNS traffic outside the encrypted tunnel, directly undermining one of a VPN’s main selling points.

Privacy was an entirely different can of worms. Seventy-six apps sent device identifiers such as Android’s Advertising ID to third parties, opening the door to continued tracking and fingerprinting. Researchers could extract and examine VPN configuration files from 108 apps, and 107 of them misused or ignored recommended encryption and security practices.

Free is doing a lot of work here

The study does not prove that every mobile VPN is insecure. Its testing focused on free Android apps that worked without accounts or in-app payments, so the results should not be automatically extended to iPhones or established subscription services excluded by that methodology.

It does show how little protection a Play Store listing and a reassuring shield icon can guarantee. The researchers also warned that app-store disclosures, including developer-submitted Data Safety information and Google’s VPN verification badge, may operate more like marketing signals than comprehensive security guarantees. So it’s best advised to avoid downloading the first free VPNs that appear in your app store searches.

Vikhyaat Vivek
Vikhyaat Vivek is a tech journalist and reviewer with seven years of experience covering consumer hardware, with a focus on…
Apple starts testing cheaper Chinese RAM inside iPhones, but your pocket won’t feel the ease
Fourth-largest DRAM producer in the world, on the Pentagon's watchlist, and now quietly inside Apple's test labs.
The M4 Mac mini on a desk.

Apple has quietly been testing a new memory supplier for some of its devices sold in China, and the name behind those chips is one that Washington has been keeping a close eye on.

It’s the one that I talked about a few days ago in another story, when rumors about Apple considering a Chinese memory supplier started surfacing after the company announced an ugly price hike for most of its devices (except iPhone and Apple Watch). 

Read more
Android 17’s new video standard fixes one of HDR’s biggest problems
Your HDR videos are about to look right, no matter what screen you use.
Electronics, Mobile Phone, Phone

Android 17 is packed with new features, but one small addition might end up mattering more than the flashy ones. It's called Eclipsa Video, and its whole purpose boils down to this: your HDR videos should finally look the way they're supposed to, regardless of which screen you're staring at.

Why does HDR look different on every screen?

Read more
A broken Galaxy Fold 5 just became the Pixel desktop future I want Google to steal
A broken Galaxy Fold 5 became a tiny PC because Samsung already built the desktop mode Google keeps treating like a side quest.
Desktop mode within Android 16.

A broken Galaxy Fold 5 should be a sad little monument to modern gadget math. One busted outer display, one repair bill nobody wants to inspect too closely, and suddenly a powerful foldable starts heading toward a drawer. Instead, a Redditor turned one into a glowing acrylic DeX box with spare parts, fans, a USB hub, and the kind of LED lighting that makes every homebrew computer look mildly illegal.

https://www.reddit.com/r/SamsungDex/comments/1upica7/fold_5_dexbox/

Read more