Slashdot Mirror

← Back to Stories (view on slashdot.org)

Many Free Mobile VPN Apps Are Based In China Or Have Chinese Ownership

Posted by BeauHD on from the public-service-announcement dept.

A new study has found that more than half of the top free mobile VPN returned by Play Store and App Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy. "Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal. ZDNet reports: The researcher says he analyzed the top 20 free VPN apps that appear in searches for VPN apps on the Google and Apple mobile app stores, for both the US and UK locales. He says that 17 of the 30 apps he analyzed (10 apps appeared on both stores) had formal links to China, either being a legally registered Chinese entity or by having Chinese ownership, based on business registration and shareholder information Migliano shared with ZDNet.

The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. Almost half of the free VPN apps also appeared to take the privacy policy as a joke, with some hosting the policy as a plain text file on Pastebin, AWS servers, or raw IP addresses, with no domain name. In addition, 64 percent of the apps also didn't bother setting up a dedicated website for their VPN service, operating strictly from the Play Store.

33 of 67 comments (clear)

  1. Why is anyone surprised? by Anonymous Coward · · Score: 1

    If you haven't figured out by now that Android and its parts are nothing but crap-laden spyware, you probably never will. Until something happens to you.

  2. How about Proton? by goombah99 · · Score: 2

    I think proton is swiss?

    --
    Some drink at the fountain of knowledge. Others just gargle.
  3. Re:Of course they are by jpkeating3 · · Score: 3

    Is this a new low? One germane comment. The second uses the subject as an excuse for politics, then massive explosion, with shards of illogic and ill will scattered across the screen. I was hoping for something informative on privacy vs. privacy risks, and tips on VPNs (I may need one for future work). Slashdot these days clearly posts topics designed to encourage rants, not discussions; unfortunately, that bleeds over into technical stories as well. Nothing to read here today.

  4. Chinese have a reason for a VPN by jrumney · · Score: 1

    It seems like standard supply-demand economics at play here. Demand for VPNs is especially strong in markets where the government is blocking access to popular overseas services, so it makes perfect sense that the companies offering them would pop up in the same place.

    1. Re:Chinese have a reason for a VPN by Aighearach · · Score: 2

      You might have an childish and absurd concept of how business works in China, and how Chinese companies get started and get positioned in the marketplace. Also, how the internet works in China.

      I'll give you a hint: The Great Firewall is not stateless.

    2. Re:Chinese have a reason for a VPN by Anonymous Coward · · Score: 1

      It seems like standard supply-demand economics at play here. Demand for VPNs is especially strong in markets where the government is blocking access to popular overseas services, so it makes perfect sense that the companies offering them would pop up in the same place.

      Yeah that sounds like a perfectly safe business model. That government is SO STUPID they would have never thought of anyone trying to circumvent their blocking. Oh, what's that? The entities doing the circumvention are within Chinese jurisdiction? Nah, nothing could possibly go wrong with that!

    3. Re:Chinese have a reason for a VPN by Anonymous Coward · · Score: 1

      What's most important about China is that they don't give a shit about hate speech laws (Europe) or the DMCA (America). As long as you don't mess with the Chinese leadership or certain political topics (Taiwan), you can say almost anything.

      So it makes perfect sense to have VPNs in China. Pirates are interested in obtaining movies/music/software and don't care about China. The people who run afoul of hate speech laws care less about China than their local politics.

    4. Re:Chinese have a reason for a VPN by pnutjam · · Score: 1

      Plausible, but this definitely sounds like propaganda to me.

      --
      Cheap storage VM.
  5. To quote the Orange Guy: by Tablizer · · Score: 1

    Jiiina!

    --
    Table-ized A.I.
  6. This is a surprise? by rainwalker · · Score: 1

    Who did people think were paying for the servers and bandwidth? If you're not paying, then you're not the customer. Real VPN providers are cheap; if you don't spring the couple bucks a year that one of them costs, well, you sort of deserve what you get.

    1. Re:This is a surprise? by cascadingstylesheet · · Score: 2

      Who did people think were paying for the servers and bandwidth? If you're not paying, then you're not the customer. Real VPN providers are cheap; if you don't spring the couple bucks a year that one of them costs, well, you sort of deserve what you get.

      So if one of these starts charging a couple of bucks a year, you'll think it's legit?

      How do you know that hasn't already happened? They could be vacuuming all your data and charging you for the privilege ...

      That's the problem with trust; it's not simple. For example, why should I trust some random guys in Switzerland? Or why should I trust some guy who rolled his own Firefox fork? I may want to, but why should I? It will be because of some vague trust marks of some kind.

  7. Lemmee get this straight by Snotnose · · Score: 2

    I use a VPN to download music/movies while keeping my ISP off my back. Who could possibly care less than I do about Copyright?

    Oh yeah, that would be the Chinese.

  8. Wrong target audience by Anonymous Coward · · Score: 1

    The study authors seem to be under the impression that these privacy policies (or lack thereof) are directed at people installing the apps. Can't imagine what gave them this idea. The policies are there (or not) for the customers - the advertisers and the state actors, and for them they are close to perfect.

  9. You get what you pay for by hyades1 · · Score: 2

    I'm normally pretty contemptuous of the snide, know-it-all geektards who infest places like Linux help forums. You go there for help when you're just starting out with some kind of software, and you get sneered at and disparaged for asking simple questions.

    But this is a bit different. If you're computer savvy enough to know why you need a VPN, you already know enough to figure out why some are better than others. Even few minutes of research should tell you what you need to look for in the policies and practices of any VPN you're thinking of entering a relationship with.

    What you see right up front should tell you that some of the free ones, especially if they're owned by the Chinese (who seem dedicated to making Big Brother look like a Libertarian), are a bad, bad idea. They're probably worse than nothing at all, actually, because like a leaky condom, they're just going to give you a false sense of security while you're getting screwed.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
    1. Re:You get what you pay for by DNS-and-BIND · · Score: 2

      I'm curious: how are they going to screw me, exactly? Let's say for some bizarre reason the Chinese government wanted to trick me into installing a free VPN and then somehow use it against me. What form could that possibly take?

      From where I'm sitting, I have far more to fear from my own government than the Chinese. The only reason they even set up these free VPNs is to keep track of their own people who use VPNs to vault the Great Firewall. As long as I'm not involved in attempting to overthrow the Communist Party, how would they even be interested in me? Heck, I can go years between even doing anything remotely relating to China or its government. I write snarky comments once in a while, but the CPC doesn't give a shit about anything anyone writes in English.

      On the other hand, the US intelligence community regards the American people as the enemy. Why else do they spend such tremendous efforts to spy on us?

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    2. Re:You get what you pay for by hyades1 · · Score: 1

      They have exactly the same reason to be interested in you as the US intelligence community...that is to say, no reason today. Tomorrow? Well, some of us, at least, aspire to become more influential in the future than we are now.

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
    3. Re:You get what you pay for by hyades1 · · Score: 1

      All excellent points. The cretin you are addressing with this doesn't seem to understand anything that involves considering not just what's happening in front of one's face, but what can reasonably be extrapolated from it.

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
  10. Not necessarily spyware by Anonymous Coward · · Score: 1

    Most Chinese users uses VPN regularly not for privacy or even hiding their copyright infringing habits. They use it for side-stepping geo restrictions so they can watch videos on youtube, download games in Japan playstore, activate Steam keys from Russia, etc. So anonymity wasn't a concern.

    Of course I'm sure many of these apps are spyware, but some are just careless and not malicious. I know of people who ran their own free VPN by renting VPS overseas and installing some vpn server they found online, and then made some basic apps to make some of the cost back thru ads. It was crude and insecure, plus it was stupid and they got into trouble with the law due to the vpn ban, but it wasn't malicious.

  11. Re:I hate /. bullies like ZIP & c6gunner... ap by Zontar+The+Mindless · · Score: 1

    Please mod parent up.

    --
    Il n'y a pas de Planet B.
  12. Chinese government VPNs are good for Chinese by aberglas · · Score: 1

    My daughter had a Chinese friend contact her on Instagram, which required a VPN. Nothing sinister, just chat. If I were Chinese and using a VPN, I would want to use one that is probably monitored by the government so that they do not think I am doing something hostile to them.

    If I was doing something hostile I would not use any VPN at all, and be very, very wary of anything I did use. Using a VPN is flashing a bright beacon. Using a non-Chinese VPN is adding a siren to the beacon.

    1. Re:Chinese government VPNs are good for Chinese by Aighearach · · Score: 1

      They definitely track which devices are owned by foreigners, and let foreigners use foreign VPNs, but I think last year they started turning off access for Chinese-owned devices. It would seem to be unwise to be the owner of a device that gets restricted.

  13. Re: Of course they are by TimMD909 · · Score: 1

    It's infecting everything. I was looking up Doctrine API info the other day when I noticed a dark twist in examples. The two recent ones have gender selection and blacklists as examples. All the ones before were relatively chilled out normal cat/dog/whatever examples.

  14. Fearmongering about China by jodido · · Score: 1

    I guess the implication of this article is that there's something bad or dangerous about the fact that these apps are Chinese in origin or ownership. But why is that worse than anywhere else? Do the big US internet companies not work closely with the US government? Or the UK? Why is it that if it's Chinese it's sinister? Fu Manchu is dead.

  15. Re: Of course they are by dilvish_the_damned · · Score: 1

    OMG were you in a coma?

    --
    I think you underestimate just how much I just dont care.
  16. Are they safe? by MancunianMaskMan · · Score: 2
    is anyone reminded of the creepy feeling in Marathon Man where he is "rescued", driven round the block and asked some questions, and then returned to his captors; it turns out that it was all part of a plan?

    Here's a VPN to set you free from government intrusion.OK it's illegal but we're getting away with it. Go on, you can speak your mind now!

  17. Re:Of course they are by The+Cynical+Critic · · Score: 1

    Alternatively it's do with how Chinese citizens have the Great Firewall of China to contend with. Compared to countries where people don't have something like that to contend with Chinese citizens are obviously going to be more interested in VPNs and other techniques to go around it, hence a lot of Chinese VPN services.

    Oh and a population of that exceeds the population of the U.S by over a billion...

    --
    "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."
  18. How are they going to screw you... by Immerial · · Score: 1

    You are installing basically an 'untrusted' app voluntarily. They could use the app to compromise your phone, use it to spy on the things around you, use up your phone's resources, etc., etc.

    I also never understood the acceptance of the false choices that people give on this... "I'm going to be pwned anyways. Might as well be pwned by China." ...er, what about not choosing to be pwned? Have you tried that? A laissez-faire attitude towards security never ends well.

    1. Re:How are they going to screw you... by DNS-and-BIND · · Score: 1

      You failed to address the question so I'll repeat it: " Let's say for some bizarre reason the Chinese government wanted to trick me into installing a free VPN and then somehow use it against me. What form could that possibly take?"

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  19. It should bother you. by Immerial · · Score: 1

    They may not come after you but they might come after your country or your business that you work for. What if China applies a little more pressure to one of these VPN companies to add a little more to their network code. Boom... your phone could be sending out malicious network packets on your local network, used in a denial of service attack, used to compromise other machines on your network. Maybe not your specific machine but it could affect the things and people around you. I feel like I'm talking to an anti-vaxer... "So what if my child isn't vaccinated?".

  20. The App Itself? by Immerial · · Score: 1

    You are installing a VPN app on your phone. An app can do many things. Even at the simplest level... you've given it permission to handle network traffic b/c it's a VPN app. It could send malicious packets, do denial of service attacks, relay local traffic, be used as a way to exploit local machines on your network, etc. You and your phone might not contain anything you are worried about... but what about everything around you? Sorry, what am I missing? I'm not sure why this seems unclear. I'm not being sarcastic... I still don't know how that would NOT be bad.(?)

    1. Re:The App Itself? by DNS-and-BIND · · Score: 1

      Yes, I get that. Let's say they know every packet on my phone and every keystroke. What can the Chinese government DO with that? How would they use it against me? It seems to me that they're not interested in me at all. They're only doing this free VPN stuff to entrap their own people who are trying to leap the Great Firewall.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    2. Re:The App Itself? by hyades1 · · Score: 1

      You're wasting your time on this guy. He's one of those people with a one-track mind who can't see anything beyond what's three inches in front of his nose. I'd call him an idiot, but that would both insult idiots and underrate his monomania.

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
  21. Re:Of course they are by pnutjam · · Score: 1

    My recommendations, PIA if you don't mind a US based VPN. Should be fine for torrenting or privacy as there is no indications they keep logs that can be subpoenaed.
    AirVPN if you want a European based VPN.
    Not sure about non-five eyes VPN's. They are generally based in jurisdictions with little oversight and that can have negatives as well as positives. It's never been an issue for me.

    --
    Cheap storage VM.