Are Free VPN Apps Worth the Risk? Experts Say 'No'

The Google Play app store holds about 250 Android apps that provide access to virtual private network (VPN) services.

The bad news? Many of these VPN apps could actually be sabotaging your security and privacy. A recent study by U.S. and Australian researchers found that many Android VPN apps were potentially malicious, let third parties spy on "secure" transmissions, tracked users or just plain didn't work.


It might be easy to disregard all VPN apps as too risky. But would that be a fair assessment? A number of free VPN apps are offered by reputable antivirus companies and desktop VPN providers, although most of those have some level of paid service. With that in mind, are free VPN apps worth the potential security risks?


It depends, said Joe Carson, chief security scientist with Thycotic, an information-security provider based in Washington, D.C.

"VPNs are safer than doing nothing," Carson said. But he added that if you are downloading an Android app, you have to do your homework.

That includes investigating the origin of the VPN app — you probably want to skip any from China, Russia or other countries with a dubious security history, Carson said — and sticking with vendors you are familiar with and trust.

Nothing is ever really free

However, Ryan O'Leary, vice president of the Threat Research Center at WhiteHat Security in Santa Clara, California, is more skeptical.

"I don't think VPN apps are secure, especially free ones," O'Leary said. "The lower the cost of the app, the greater the chance they have security problems."

App developers want to make money, he said, but on a VPN app, you can't really be sure how that's happening.

"At best," O'Leary said, "they are using ads to earn income. At worst, they are selling your private information."


In fact, he said, "free" should be a red flag when it comes to VPN apps. Unscrupulous app developers may utilize users as end points or for extra bandwidth to support other customers.

"It's expensive to run a VPN," O'Leary said. "There's a good chance that someone else is using your connection."

The most serious risk of free VPN apps is that you may lose control of your data. A VPN service is supposed to encrypt your data stream from your device all the way to the service's servers, from where it enters the open internet. But a shady or poorly configured service could compromise your traffic, either by design or by accident, or could even piggyback on your encrypted connection for nefarious purposes.

"Your data could be intercepted or decrypted," said Mat Gangwer, chief technology officer with Rook Security in Indianapolis. "Bad guys could be using your connection for shady activities or to cover their tracks."

How to pick a VPN app

Are free VPN apps worth that risk? The experts agree: No, unless you are confident the free app is extremely trustworthy.

If you can find a paid VPN app, or one that has in-app purchases for higher levels of service, consider that option instead. We recently reviewed several VPN apps and services, and the paid IPVanish ($10 per month or $78 yearly) took the top spot. The runner-up option, Avast SecureLine VPN, is also paid at $59.99 per year.

Paid doesn't guarantee secure, but even partially paid apps are often more protective of your data and give more software updates.

Better yet, stick with apps made by well-known desktop VPN service providers or antivirus software makers. All will include in-app purchases, or some other kind of paid subscription, to use the higher tiers of service, but many will give you a certain amount of free VPN usage per month.


Reputable partly free VPN services include Avast's SecureLine VPN and Avira's Phantom VPN. There's also F-Secure's Freedome VPN; it costs $6 per month to use, but was singled out as being especially trustworthy by the authors of the VPN-app research paper we mentioned earlier.

However, if you still want to use a completely free VPN app, do your research, the experts advised. Investigate the vendor's reputation, and see where it is located. Question the permissions requested by the app – for example, would a VPN app really need permission to access your phone number or text messages? Read user reviews, especially the less-than-stellar ones, to find out which problems and concerns other users had.

"When done correctly, VPNs are a good option," said O'Leary. "But never forget that, in the end, you get what you pay for."

8 comments
  • James_carton00
    Not a risk, because the first priority of every VPN company, whether free or paid, is to secure the privacy and protection of our customers. The only major difference between a free and a paid VPN is that a free VPN allows a maximum of 5 servers and a paid VPN has many more servers, so a paid VPN is more highly protected than a free VPN.
    0
  • ZachGold
    That's why we have the paid variety like Ivacy, Express, Nord and others. Nothing's really free, if you understand. There are costs to operate servers and stuff, and I'm guessing anyone can assume that.
    0
  • Seankay
    I would say that the experts are right and certainly "in the end, you get what you pay for"! Recently a report by CSIRO revealed that most of the VPN providers are using malware to track users' data (https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf), and if you notice the brands in this report, then you'll definitely find that most of these are free services!
    Another strong case about free VPNs came out last year, where Hola was accused of using its users as exit nodes. So it is absolutely true that using a free VPN service is never a reliable or safe option. They can be a huge threat to your privacy and even your security. You can never be too sure about whether they are legit or merely honeypots (https://www.purevpn.com/blog/free-vpnsproxies-as-honeypots/), so I think the experts are right about the fact that free VPN apps are not worth the risk at all!
    0