According to a recent peer-reviewed study, although claiming to be separate providers, 18 of the 100 most popular virtual private network (VPN) apps on the Google Play Store are really related in three sizable families. Although none of our recommendations for the top VPN are criticized in the study, the services it looks into are well-known—700 million downloads on Android alone.
In addition to discovering that the VPNs in question did not reveal their behind-the-scenes interactions, the study, which was published in the journal of the Privacy Enhancing Technologies Symposium (PETS), also reveals that their shared infrastructures had significant security vulnerabilities. It was discovered that popular services including Turbo VPN, VPN Proxy Master, and X-VPN were susceptible to attacks that may reveal a user's browsing history and introduce tainted data.
The research, titled "Hidden Links: Analyzing Secret Families of VPN apps," was motivated by a VPN Pro investigation that discovered that various VPN businesses were selling applications without disclosing the links between them. This prompted the "Hidden Links" researchers to inquire about the possibility of methodically documenting the connections between VPNs that are secretly co-owned.
Beginning with the list of the VPNs that were downloaded the most on Android, the researchers collected information from each VPN's codebase, business documentation, and website and searched for connections. They were able to categorize 18 VPN programs into three groups mostly by spotting suspicious code similarities.
VPN Monster, VPN Proxy Master, VPN Proxy Master Lite, Snap VPN, Robot VPN, SuperNet VPN, Turbo VPN, and Turbo VPN Lite are all members of Family A. Three providers—Innovative Connecting, Lemon Clove, and Autumn Breeze—were discovered to share these. All three have been connected to Qihoo 360, a mainland Chinese corporation that the US Department of Defense has designated as a "Chinese military company."
Global VPN, XY VPN, Super Z VPN, Touch VPN, VPN ProMaster, 3X VPN, VPN Inf, and Melon VPN are all members of Family B. The IP addresses used by these eight services, which are distributed among five providers, come from the same hosting provider.
Fast Potato VPN and X-VPN are members of Family C. The researchers discovered that both of these apps employed very similar code and used the same bespoke VPN protocol, despite the fact that they are from separate providers.
.jpeg)
