Researchers find anxious interference between 18 popular VPN networks

new It is alleged that 18 of 100 more virtual virtual network applications (VPN) at the Google Play store are secretly connected to three large families, although the claim that they are independent service providers. The paper does not accuse any of our choices for But the services that it achieve are popular, with 700 million collective downloads on Android alone.

The study, published in the Journal of Privacy Private Technologies (PETS), does not find that the concerned VPNS has failed to reveal relations behind the scenes, but also that its joint infrastructure contains serious security defects. Known services such as Turbo VPN, VPN Proxy Master and X-VPN are found for attacks capable of exposing user browsing and damaged data injection.

Entitled “Hidden Links: Analysis of Secret Families of VPN Applications”, the paper was inspired by the paper And that I found that many VPN companies were selling multiple applications without specifying contacts between them. These researchers motivated “hidden ties” to ask whether the relations between the common VPNS are secretly documented.

Starting with the most mobile VPNS menu, the researchers collected data from all the commercial works of each VPN, the presence of the web, and CodeBase and Sifted through communications. By identifying similarities in the code, they managed to sort 18 VPN applications into three groups.

Family a It consists of Turbo VPN, Turbo VPN Lite, VPN MONSTER, VPN Proxy Master, VPN Proxy Master Lite, Snap VPN, Robot VPN and SuperNet VPN. This that was shared between three providers – innovative connectivity, lemon cloves and autumn breeze. All three It is a company based in China, the main mainland and was determined as a “Chinese military company” .

Family b It consists of global VPN, XY VPN, Super Z VPN, Touch VPN, VPN Promaster, 3x VPN, VPN Inf and Melon VPN. These eight services, which are shared between five service providers, are used, all of the IP addresses themselves from the same hosting company.

Family c It consists of X-VPN and Fast Potato VPN. Although these two applications come from a different provider, the researchers found that both use a very similar symbol and ensure the same designated VPN protocol.

If you are a VPN user, this study should be important for you for two reasons. The first problem is that companies that have been assigned to your own activities and personal data are not honest in the place you own, possess, or who may share your sensitive information. Even if their applications are perfect, this will be a severe breach of confidence.

But their applications are far from perfection, which is the second problem. All 18 VPNs are used across all three families ShadowSocks with a difficult password, making them vulnerable to the seizure of the server (which can be used in malware attacks) and customer (which can be used to eavesdrop on web activity).

Ultimately, the VPN provider runs unfairly around his background and a VPN customer who works on the Slapdash infrastructure is a symptom of the same problem: these are applications designed to do something other than keeping you safe online. Since all 18 were listed as non -relevant products, it is also clear that application stores are not an effective line of defense. The “hidden links” paper makes it necessary more than that Without examining them first, and the use of free VPNS supported by paid subscriptions, Like VPN proton.