Skip to main content

Are Free VPN Apps Worth the Risk? Experts Say 'No'

The Google Play app store holds about 250 Android apps that provide access to virtual private network (VPN) services.

The bad news? Many of these VPN apps could actually be sabotaging your security and privacy. A recent study by U.S. and Australian researchers found that many Android VPN apps were potentially malicious, let third parties spy on "secure" transmissions, tracked users or just plain didn't work.

Credit: Kevin Frayer/Getty

(Image credit: Kevin Frayer/Getty)

It might be easy to disregard all VPN apps, clients and services as too risky. But would that be a fair assessment? A number of free VPN apps and services are offered by reputable antivirus companies and desktop VPN providers, although most of those have some level of paid service. With that in mind, are any free VPN services worth the potential security risks?

MORE: The Best VPN Services and Apps (Including Free Options)

It depends, said Joe Carson, chief security scientist with Thycotic, an information-security provider based in Washington, D.C.

"VPNs are safer than doing nothing," Carson said. But he added that if you are trying out a new VPN service or app, you have to do your homework.

That includes investigating the origin of the VPN service — you probably want to skip any from China, Russia or other countries with a dubious security history, Carson said — and sticking with vendors you are familiar with and trust. (Some privacy experts put the United States on that list of untrustworthy countries, a fair argument given the scope of the NSA surveillance tools leaked by Edward Snowden.)

Nothing is ever really free

However, Ryan O'Leary, vice president of the Threat Research Center at WhiteHat Security in Santa Clara, California, is more skeptical.

"I don't think VPN apps are secure, especially free ones," O'Leary said. "The lower the cost of the app, the greater the chance they have security problems."

App developers want to make money, he said, but on a VPN app, you can't really be sure how that's happening.

"At best," O'Leary said, "they are using ads to earn income. At worst, they are selling your private information."

"The lower the cost of the app, the greater the chance they have security problems." -- Ryan O'Leary, Threat Research Center at WhiteHat Security

In fact, he said, "free" should be a red flag when it comes to VPN apps and services. Unscrupulous app developers may utilize users as end points or for extra bandwidth to support other customers.

"It's expensive to run a VPN," O'Leary said. "There's a good chance that someone else is using your connection."

The most serious risk of free VPN apps is that you may lose control of your data. A VPN service is supposed to encrypt your data stream from your device all the way to the service's servers, at which point it enters the open internet. But a shady or poorly configured service could compromise your traffic, either by design or by accident, or could even piggyback on your encrypted connection for nefarious purposes.

"Your data could be intercepted or decrypted," said Mat Gangwer, chief technology officer with Rook Security in Indianapolis. "Bad guys could be using your connection for shady activities or to cover their tracks."

How to pick a VPN app

Are free VPN apps and services worth that risk? The experts agree: No, unless you are confident the free app is extremely trustworthy.

If you can find a paid VPN app, or one that has in-app purchases for higher levels of service, consider that option instead. We recently reviewed several VPN apps and services, and the paid Private Internet Access ($7 per month or $40 yearly) took the top spot. The runner-up option, CyberGhost, is also paid at $60 per year.

Paid doesn't guarantee secure, but even partially paid apps are often more protective of your data and give more software updates than free options.

Better yet, stick with apps made by well-known desktop VPN service providers or antivirus-software makers. All will include in-app purchases, or some other kind of paid subscription, to use the higher tiers of service, but many will give you a certain amount of free VPN usage per month.

"Bad guys could be using your connection for shady activities or to cover their tracks." -- Mat Gangwer, chief technology officer with Rook Security

Reputable partly-free VPN services include CyberGhost, Avast's SecureLine VPN and Avira's Phantom VPN. There's also F-Secure's Freedome VPN; it costs $6 per month to use, but was singled out as being especially trustworthy by the authors of the VPN-app research paper we mentioned earlier.

However, if you still want to use a completely free VPN app, do your research, the experts advised. Investigate the service provider's reputation, and see where it is located. Some are based in offshore banking havens such as Panama and the British Virgin Islands, which may be great if you want to hide money, but might not be so great if you're unhappy with your VPN service and want your money back.

Question the permissions requested by the app — for example, would a VPN app really need permission to access your phone number or text messages? Read user reviews, especially the less-than-stellar ones, to find out which problems and concerns other users had.

"When done correctly, VPNs are a good option," said O'Leary. "But never forget that, in the end, you get what you pay for."

Best VPN Services and Apps

  • James_carton00
    Not a risk because of every company of VPN if it free or paid is first priority is to secure the privacy and protection to our customer. The Just difference between free and paid VPN is major differ is a Free VPN has maximum 5 servers allow and the Paid VPN is too many servers that are paid VPN is Highly protected then Free VPN.
  • ZachGold
    that's why we have the paid variety like ivacy, express, nord and others. nothing's really free if you understand. there are costs to operate servers and stuff and i'm guessing anyone can assume that.
  • Seankay
    I would say that the experts are right and certainly "in the end, you get what you pay for."! Recently a report by CSIRO revealed that most of the VPN providers are using malware to track users' data down in this report ( and if you notice the brands, then you'll definitely find that most of these are free services!
    Another string case about free VPNs came out last year where Hola was accused of using its users as exit nodes. So it is absolutely true that using a free VPN service is never a reliable or safe option. They can be a huge threat to your privacy and even your security. You can never be too sure about whether they are legit or merely honeypots ( so, I think the experts are right about the fact that Free VPN apps do not worth the risk at all!
  • Brandyrt
    I personally use IPVanish, please don't consider this as an advertising. It's a popular paid application, but you'll be sure that everything is safe
  • schwatzz
    I think Cyber Ghost VPN offers a free service that is considered to be quite "trustworthy".
  • mraroid
    I used a paid VPN called TunnelBear. Should I worry?

  • Dark Lord of Tech
    Always use a well known PAID , FREE is free for a reason , not good protection.
  • maikutech
    I agree with blackbird on that one if you want to go the paid vpn route just be sure to look at their track record that matches up with company/user praises and complaints.