New Research Links VPN Apps, Highlights Security Deficiencies
securityweek
Nearly two dozen VPN applications in Google Play contain security weaknesses impacting the privacy of their users, exposing transmitted data to decryption, a new Citizen Lab report shows.
Furthermore, the VPN providers that offer these applications can be linked to one another, although they claim to be separate entities and use various means to hide their true identities.
Starting from previous reports linking Innovative Connecting, Autumn Breeze, and Lemon Clove, three VPN providers claiming to be based in Singapore, to a Chinese national, Citizen Lab’s analysis identified additional connections between their applications, and linked other VPN apps and their providers.
According to Citizen Lab’s report (PDF), eight VPN applications from Innovative Connecting, Autumn Breeze, and Lemon Clove share code, dependencies, and hardcoded passwords, potentially allowing attackers to decrypt the traffic of their users. These apps have over 380 million combined downloads in Google Play.
All three companies, which ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE