Many Free Mobile VPN Apps Are Based In China Or Have Chinese Ownership

A new study has found that more than half of the top free mobile VPN returned by Play Store and App Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy. "Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal. ZDNet reports: The researcher says he analyzed the top 20 free VPN apps that appear in searches for VPN apps on the Google and Apple mobile app stores, for both the US and UK locales. He says that 17 of the 30 apps he analyzed (10 apps appeared on both stores) had formal links to China, either being a legally registered Chinese entity or by having Chinese ownership, based on business registration and shareholder information Migliano shared with ZDNet.

The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. Almost half of the free VPN apps also appeared to take the privacy policy as a joke, with some hosting the policy as a plain text file on Pastebin, AWS servers, or raw IP addresses, with no domain name. In addition, 64 percent of the apps also didn't bother setting up a dedicated website for their VPN service, operating strictly from the Play Store.

How about Proton?

[goombah99]

I think proton is swiss?

Re:

[jpkeating3]

Is this a new low? One germane comment. The second uses the subject as an excuse for politics, then massive explosion, with shards of illogic and ill will scattered across the screen. I was hoping for something informative on privacy vs. privacy risks, and tips on VPNs (I may need one for future work). Slashdot these days clearly posts topics designed to encourage rants, not discussions; unfortunately, that bleeds over into technical stories as well. Nothing to read here today.

Re:

[account_deleted]

Comment removed based on user account deletion

Re: Of course they are

[dilvish_the_damned]

OMG were you in a coma?

Re:

[pnutjam]

My recommendations, PIA if you don't mind a US based VPN. Should be fine for torrenting or privacy as there is no indications they keep logs that can be subpoenaed.
AirVPN if you want a European based VPN.
Not sure about non-five eyes VPN's. They are generally based in jurisdictions with little oversight and that can have negatives as well as positives. It's never been an issue for me.

Re:

[The Cynical Critic]

Alternatively it's do with how Chinese citizens have the Great Firewall of China to contend with. Compared to countries where people don't have something like that to contend with Chinese citizens are obviously going to be more interested in VPNs and other techniques to go around it, hence a lot of Chinese VPN services.

Oh and a population of that exceeds the population of the U.S by over a billion...

Re:

[Zontar The Mindless]

Please mod parent up.

Why is anyone surprised?

[Anonymous Coward]

If you haven't figured out by now that Android and its parts are nothing but crap-laden spyware, you probably never will. Until something happens to you.

Chinese have a reason for a VPN

[jrumney]

It seems like standard supply-demand economics at play here. Demand for VPNs is especially strong in markets where the government is blocking access to popular overseas services, so it makes perfect sense that the companies offering them would pop up in the same place.

Re:

[Aighearach]

You might have an childish and absurd concept of how business works in China, and how Chinese companies get started and get positioned in the marketplace. Also, how the internet works in China.

I'll give you a hint: The Great Firewall is not stateless.

Chinese government VPNs are good for Chinese

[aberglas]

My daughter had a Chinese friend contact her on Instagram, which required a VPN. Nothing sinister, just chat. If I were Chinese and using a VPN, I would want to use one that is probably monitored by the government so that they do not think I am doing something hostile to them.

If I was doing something hostile I would not use any VPN at all, and be very, very wary of anything I did use. Using a VPN is flashing a bright beacon. Using a non-Chinese VPN is adding a siren to the beacon.

Re:

[Aighearach]

They definitely track which devices are owned by foreigners, and let foreigners use foreign VPNs, but I think last year they started turning off access for Chinese-owned devices. It would seem to be unwise to be the owner of a device that gets restricted.

Re:

[Anonymous Coward]

It seems like standard supply-demand economics at play here. Demand for VPNs is especially strong in markets where the government is blocking access to popular overseas services, so it makes perfect sense that the companies offering them would pop up in the same place.

Yeah that sounds like a perfectly safe business model. That government is SO STUPID they would have never thought of anyone trying to circumvent their blocking. Oh, what's that? The entities doing the circumvention are within Chinese jurisdiction? Nah, nothing could possibly go wrong with that!

Re:

[Anonymous Coward]

What's most important about China is that they don't give a shit about hate speech laws (Europe) or the DMCA (America). As long as you don't mess with the Chinese leadership or certain political topics (Taiwan), you can say almost anything.

So it makes perfect sense to have VPNs in China. Pirates are interested in obtaining movies/music/software and don't care about China. The people who run afoul of hate speech laws care less about China than their local politics.

Re:

[pnutjam]

Plausible, but this definitely sounds like propaganda to me.

To quote the Orange Guy:

[Tablizer]

Jiiina! [youtube.com]

This is a surprise?

[rainwalker]

Who did people think were paying for the servers and bandwidth? If you're not paying, then you're not the customer. Real VPN providers are cheap; if you don't spring the couple bucks a year that one of them costs, well, you sort of deserve what you get.

Re:

[cascadingstylesheet]

Who did people think were paying for the servers and bandwidth? If you're not paying, then you're not the customer. Real VPN providers are cheap; if you don't spring the couple bucks a year that one of them costs, well, you sort of deserve what you get.

So if one of these starts charging a couple of bucks a year, you'll think it's legit?

How do you know that hasn't already happened? They could be vacuuming all your data and charging you for the privilege ...

That's the problem with trust; it's not simple. For example, why should I trust some random guys in Switzerland? Or why should I trust some guy who rolled his own Firefox fork? I may want to, but why should I? It will be because of some vague trust marks of some kind.

Lemmee get this straight

[Snotnose]

I use a VPN to download music/movies while keeping my ISP off my back. Who could possibly care less than I do about Copyright?

Oh yeah, that would be the Chinese.

Wrong target audience

[Anonymous Coward]

The study authors seem to be under the impression that these privacy policies (or lack thereof) are directed at people installing the apps. Can't imagine what gave them this idea. The policies are there (or not) for the customers - the advertisers and the state actors, and for them they are close to perfect.

You get what you pay for

[hyades1]

I'm normally pretty contemptuous of the snide, know-it-all geektards who infest places like Linux help forums. You go there for help when you're just starting out with some kind of software, and you get sneered at and disparaged for asking simple questions.

But this is a bit different. If you're computer savvy enough to know why you need a VPN, you already know enough to figure out why some are better than others. Even few minutes of research should tell you what you need to look for in the policies and practices of any VPN you're thinking of entering a relationship with.

What you see right up front should tell you that some of the free ones, especially if they're owned by the Chinese (who seem dedicated to making Big Brother look like a Libertarian), are a bad, bad idea. They're probably worse than nothing at all, actually, because like a leaky condom, they're just going to give you a false sense of security while you're getting screwed.

Re:

[DNS-and-BIND]

I'm curious: how are they going to screw me, exactly? Let's say for some bizarre reason the Chinese government wanted to trick me into installing a free VPN and then somehow use it against me. What form could that possibly take?

From where I'm sitting, I have far more to fear from my own government than the Chinese. The only reason they even set up these free VPNs is to keep track of their own people who use VPNs to vault the Great Firewall. As long as I'm not involved in attempting to overthrow the Co

Re:

[hyades1]

All excellent points. The cretin you are addressing with this doesn't seem to understand anything that involves considering not just what's happening in front of one's face, but what can reasonably be extrapolated from it.

How are they going to screw you...

[Immerial]

You are installing basically an 'untrusted' app voluntarily. They could use the app to compromise your phone, use it to spy on the things around you, use up your phone's resources, etc., etc.

I also never understood the acceptance of the false choices that people give on this... "I'm going to be pwned anyways. Might as well be pwned by China." ...er, what about not choosing to be pwned? Have you tried that? A laissez-faire attitude towards security never ends well.

Re:

[DNS-and-BIND]

You failed to address the question so I'll repeat it: " Let's say for some bizarre reason the Chinese government wanted to trick me into installing a free VPN and then somehow use it against me. What form could that possibly take?"

The App Itself?

[Immerial]

You are installing a VPN app on your phone. An app can do many things. Even at the simplest level... you've given it permission to handle network traffic b/c it's a VPN app. It could send malicious packets, do denial of service attacks, relay local traffic, be used as a way to exploit local machines on your network, etc. You and your phone might not contain anything you are worried about... but what about everything around you? Sorry, what am I missing? I'm not sure why this seems unclear. I'm not being sar

Re:

[DNS-and-BIND]

Yes, I get that. Let's say they know every packet on my phone and every keystroke. What can the Chinese government DO with that? How would they use it against me? It seems to me that they're not interested in me at all. They're only doing this free VPN stuff to entrap their own people who are trying to leap the Great Firewall.

Re:

[hyades1]

You're wasting your time on this guy. He's one of those people with a one-track mind who can't see anything beyond what's three inches in front of his nose. I'd call him an idiot, but that would both insult idiots and underrate his monomania.

Re:

[hyades1]

They have exactly the same reason to be interested in you as the US intelligence community...that is to say, no reason today. Tomorrow? Well, some of us, at least, aspire to become more influential in the future than we are now.

Not necessarily spyware

[Anonymous Coward]

Most Chinese users uses VPN regularly not for privacy or even hiding their copyright infringing habits. They use it for side-stepping geo restrictions so they can watch videos on youtube, download games in Japan playstore, activate Steam keys from Russia, etc. So anonymity wasn't a concern.

Of course I'm sure many of these apps are spyware, but some are just careless and not malicious. I know of people who ran their own free VPN by renting VPS overseas and installing some vpn server they found online, and th

Fearmongering about China

[jodido]

I guess the implication of this article is that there's something bad or dangerous about the fact that these apps are Chinese in origin or ownership. But why is that worse than anywhere else? Do the big US internet companies not work closely with the US government? Or the UK? Why is it that if it's Chinese it's sinister? Fu Manchu is dead.

Are they safe?

[MancunianMaskMan]

is anyone reminded of the creepy feeling in Marathon Man where he is "rescued", driven round the block and asked some questions, and then returned to his captors; it turns out that it was all part of a plan?

Here's a VPN to set you free from government intrusion.OK it's illegal but we're getting away with it. Go on, you can speak your mind now!

It should bother you.

[Immerial]

They may not come after you but they might come after your country or your business that you work for. What if China applies a little more pressure to one of these VPN companies to add a little more to their network code. Boom... your phone could be sending out malicious network packets on your local network, used in a denial of service attack, used to compromise other machines on your network. Maybe not your specific machine but it could affect the things and people around you. I feel like I'm talking to a