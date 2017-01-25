Viruses, Spyware Found in 'Alarming' Number of Android VPN Apps (abc.net.au) 23
When the Federal Court blocked access to file-sharing websites like The Pirate Bay last December, VPN (Virtual Private Network) providers reported a surge in subscription rates. Australian company Vanished VPN said its subscription rates had doubled in the past six months and VPN Unlimited said it had seen a 12.5 percent monthly jump since the court's decision. People were using VPN services to access the blocked sites because they masked their location -- allowing users to get around any website blocks or restrictions. But if you're one of those people, you might want to take a closer look at the service you're using -- especially if you've got an Android device. From a report: A team from CSIRO's Data 61, University of NSW and UC Berkley in the US found a whole bunch of Android VPN apps contain viruses, spyware and other adware. Researchers analyzed the apps available for Android to look for nasties like trojans, spyware and adware -- giving each an "anti-virus rank (AV)" based on what they found. The lower the rank, the better. They found of the 283 apps they analyzed, 38 percent contained malware or malvertising (malicious advertising containing viruses).
Built in VPN client (Score:1)
So why don't people just use the built in VPN client?
Re: (Score:3)
How to Use Android’s Wi-Fi Assistant to Safely Connect to Public Wi-Fi Networks (and Save Data) [howtogeek.com]
There is no need for a third party VPN app. Just use the Google managed VPN in Android. This can be used automatically when you use a public WiFi hotspot.
Manager: how do you measure leadership?
Tech: with a suitably designed test instrument.
Re: (Score:2)
Because the mal-service providers don't use standard VPN protocols - their service, their app.
Re: (Score:2)
A VPN is a wonderful thing in terms of keeping undesirables out of the traffic between the endpoint device and the VPN provider(with some limited exceptions involving faulty implementation, obsolete protocols, or sneaky traffic analysis of unpadded VPN links); but whoever is terminating the VPN for you is a very, very, trusted party.
If your provider is so sleazy that there is malware in the client you are definitely screwed; but
Re: (Score:2)
Because there may be hundreds of different servers you can connect to?
My VPN provider (IPVanish) has servers in many different countries, and in the larger ones, they often have 3-4 in various geographic regions. This results in a list of 300-400 servers. So they have an app that helps you manage the list - you log in, pick a server and the app goes and installs a configuration to use the native (they support LLTP, PPTP and OpenVPN) VPN client with the de
There's always OpenVPN (Score:3)
OpenVPN has clients for both iOS and Android. The Android client source is open, allowing for code review. Unfortunately, due to NDA with Apple, the iOS source isn't as open, but it is written by the same people that write the open source OpenVPN code.
Re: (Score:2)
That depends on the service doesn't it. OpenVPN is a client / server. Whether or not you can use it for your service is an entirely different question.
Link to Paper (Score:2)
Source of the apps (Score:2)
The article is not very clear as to from where these VPN apps are being downloaded.
Are these (or were these) apps available on Google's/Android's native App store, or did the user have to enable a third-party repository to get these programs?
If the former, this is a fairly serious indictment of Google's policies, which should not only check to see if publishers are loading up their apps with spyware/trojans, but also determine a basic fitness test on the program (does it actually do what they say it does)?