Follow ZDNET: Add us as a favorite source On Google.
Key takeaways of zdnet
- Three VPN families analyzed, linked 18 apps with original groups.
- Security issues were found including hard-coded shadow keys.
- Studies show that many free VPN may have shady safety practices.
A new educational study has detected suspected original and security weaknesses in collectively downloaded apps from Google Play Store more than 700 million times.
When you choose a virtual private network (VPN) service, it is necessary that you choose with a solid reputation and high security standards. It is important that strong encryption is in place and the VPN provider is known for the safety of its users, patch safety issues quickly, and being transparent about where it comes from and how it handles user data.
Too: Best VPN Service 2025: Best VPN for fast speed and streaming
Unfortunately, not each VPN service is for these principles, and this is not always clear for consumers, as is highlighted in a new study published as the part of the privacy enhancening technologies symposium (Pats). Benjamin Mixon-Beka, Jeffrey Nokal (from Citizen Lab), and Jedidia R. Cranddle, co-writer by the academic paper, titled Hidden links: Analysis of secret families of VPN apps ,
‘Almost identical’ Java code
Many of them despite marketing themselves as independent VPNs, three families, as listed below, have the markers indicating the same original or original companies:
- Family A – Providers: Innovative connecting, lemon cloves, autumn air. VPN includes: Turbo VPN, Turbo VPN Light, VPN Monster, VPN Proxy Master, VPN Proxy Master – Light, Snap VPN, Robot VPN, Supernet VPN
- Family B – Provider: Matrix Mobile PTE Limited, Super Z VPN, The Tool Tech, Fruit Security Studio, Wildluk Tech PTE. Limited | VPN includes: Global VPN, XY VPN, Super Z VPN, Touch VPN – Stable and Safe, VPN Promaster, 3x VPN, VPN Inf, Melon VPN
- Family – Providers: Freeconnectedlimited, Fast Potato | VPN includes: X-VPN, Fast Potato VPN
In family A, each VPN app included “almost identical” Java code, shared libraries, property and infrastructure. Family B – Some of whose apps connect Abhinav of family A to their privacy policies – VPN share IP addresses. The VPN of Family C shares similar codes, the same obscation, and “a shared, proprietary protocol implementation”.
Too: How VPN are helping people to avoid censorship – and much more
The safety issues discovered in these apps used hard-coded shadowx passwords in their APKs, noted by researchers that “allows an attacker to decry to the traffic of these providers, compromise on the safety claimed by these providers.” Weaknesses were also highlighted for weakens for blind-party attacks, weak encryption, and connection attacks.
Even if some of these or all VPNs are valid, it can be considered a misleading exercise that the link and shared infrastructure appear to be the first to share for independent apps.
Researchers noted that development and management may be due to trying to separate each brand citing costs. Nevertheless, the security problems mentioned by the study are related.
Too: Why I still recommend NordVPN to most people in 2025 – especially with the latest updates
Researchers say, “App stores like Play Store are in a challenging position, which are identifying software with misleading security of scalability and security properties in their stores around developers.” “Google offers a safety audit badge for VPN apps, but VPN makes such badge mandatory and offers an identity verification badge for developers that go through an identity verification process, can provide additional information and security to users.”
Little in life is really independent
If you use a free or unknown VPN, you have to keep in mind that VPN servers spend money to run infrastructure, and so in most cases, you are doing something else in exchange for access.
Too: When you should use a VPN – and when you should not do
Typically, free VPN will collect, store and share your data for targeted advertising objectives or otherwise, or they can bomb you with advertisements to generate revenue. As this research potentially indicates, free or “light” VPN may not be reluctant and may have a litter of security problems, which may risk your personal privacy and data.
If you want to use a VPN to improve your privacy online, we have prepared a list of your favorite VPN in 2025 – as well as a guide for some reliable, free VPN services. Thankfully, any of our favorite – Nordvpn, ExpressVPN, Proton VPN, or Surfshak – were bound by this research.
