Free Android VPN Applications Are Not Secure

Posted on the 06 April 2024 by Silverhanna

If you are looking for Internet privacy and security, or need to avoid geo-blocking, you have probably heard about VPN applications for Android.

We have already discussed the difference between free and paid VPN solutions, and paid services should certainly be more reliable.

A recent study confirms that: most free Android VPN applications are not really safe and secure.

"Our experiments reveal several instances of VPN apps that expose users to serious privacy and security vulnerabilities, such as use of insecure VPN tunneling protocols, as well as IPv6 and DNS traffic leakage,"

said researchers Muhammad Ikram, Narseo Vallina-Rodriguez, Suranga Seneviratne, Mohamed Ali Kaafar and Vern Paxson, representing Australia's Commonwealth Scientific and Industrial Research Organization (AU-CSIRO), the University of South Wales, and the International Computer Science Institute at the University of California at Berkeley.

"We also report on a number of apps actively performing TLS interception. Of particular concern are instances of apps that inject JavaScript programs for tracking, advertising, and for redirecting e-commerce traffic to external partners,"

they said.

"Both the lack of strong encryption and traffic leakages can ease online tracking activities performed by inpath middleboxes (e.g., commercial WiFi APs harvesting user's data) and by surveillance agencies,"

the researchers wrote.

Lack of Encryption and traffic leaks: 18% of the VPN apps implement tunneling protocols without encryption despite promising online anonymity and security to their users. In fact, approximately 84% and 66% of the analyzed VPN apps do not tunnel IPv6 and DNS traffic through the tunnel interface respectively due to lack of IPv6 support, misconfigurations or developer-induced errors. Both the lack of strong encryption and traffic leakages can ease online tracking activities performed by inpath middleboxes (e.g., commercial WiFi APs harvesting user's data) and by surveillance agencies.
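One way to check your own connection for the IPv6 and DNS leaks described above (an added example, not code from the study or from this post). It assumes a text capture made with `tcpdump -nn` on the physical network side (for example at the access point) while the VPN is up; the addresses and capture lines are constructed.

```python
import ipaddress
import re

# One line of `tcpdump -nn` text output: "<time> IP|IP6 <src> > <dst>: <summary>"
LINE = re.compile(r"^\S+ (IP6?) (\S+) > (\S+): ")

def split_endpoint(token, family):
    """Split tcpdump's 'addr.port' into (address, port or None)."""
    has_port = token.count(".") == 4 if family == "IP" else "." in token
    host, port = token.rsplit(".", 1) if has_port else (token, None)
    return ipaddress.ip_address(host), int(port) if has_port else None

def find_leaks(lines, vpn_server):
    """Return (kind, line) for each packet seen outside the tunnel."""
    server = ipaddress.ip_address(vpn_server)
    leaks = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ARP and other non-IP frames
        family, src_tok, dst_tok = m.groups()
        src, sport = split_endpoint(src_tok, family)
        dst, dport = split_endpoint(dst_tok, family)
        if server in (src, dst):
            continue  # encapsulated tunnel traffic, expected
        if dst.is_multicast or src.is_link_local or dst.is_link_local:
            continue  # local housekeeping (router advertisements, mDNS)
        kind = "dns" if 53 in (sport, dport) else "ipv6" if family == "IP6" else "other"
        leaks.append((kind, line))
    return leaks

# Constructed capture: VPN server 198.51.100.7, phone 192.168.1.23 (assumed values).
CAPTURE = [
    "12:00:01.000101 IP 192.168.1.23.4500 > 198.51.100.7.4500: UDP-encap: ESP(spi=0x0c0ffee1,seq=0x2a), length 148",
    "12:00:01.020442 IP 192.168.1.23.41877 > 8.8.8.8.53: 4711+ A? example.com. (29)",
    "12:00:01.031190 IP 8.8.8.8.53 > 192.168.1.23.41877: 4711 1/0/0 A 192.0.2.10 (45)",
    "12:00:01.040500 IP 192.168.1.23.40022 > 192.0.2.10.80: Flags [P.], seq 1:301, ack 1, win 502, length 300",
    "12:00:01.050733 IP6 2001:db8:1::23.50514 > 2001:db8:2::80.443: Flags [S], seq 1, win 65535, length 0",
    "12:00:01.060020 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 64",
    "12:00:01.070915 IP 198.51.100.7.4500 > 192.168.1.23.4500: UDP-encap: ESP(spi=0x0badcafe,seq=0x2b), length 212",
    "12:00:01.080001 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28",
]

if __name__ == "__main__":
    for kind, line in find_leaks(CAPTURE, "198.51.100.7"):
        print(f"LEAK[{kind}] {line}")
```

A clean tunnel produces no output: every packet on the physical link should be addressed to or from the VPN server.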

In-path proxies and traffic manipulation: 16% of the analyzed VPN apps deploy non-transparent proxies that modify user's HTTP traffic by injecting and removing headers or performing techniques such as image transcoding. However, the artifacts implemented by VPN apps go beyond the typical features present in HTTP proxies. We identified two VPN apps actively injecting JavaScript code on user's traffic for advertisement and tracking purposes and one of them redirects e-commerce traffic to external advertising partners.
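A sketch of how such manipulation can be spotted (an added example, not the researchers' tooling): compare a response fetched over a trusted path with the response for the same plain-HTTP URL received through the VPN, and report added or removed headers and any script that was not in the original page. The sample responses and the `ads.example.invalid` host are constructed.

```python
import hashlib
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Record every <script>: its src URL, or a short hash of inline code."""
    def __init__(self):
        super().__init__()
        self.scripts = []
        self._inline = None  # text chunks while inside an inline script
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.append("src:" + src)
            else:
                self._inline = []
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            code = "".join(self._inline).strip().encode()
            self.scripts.append("inline:" + hashlib.sha256(code).hexdigest()[:12])
            self._inline = None

def scripts_in(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts

def diff_response(reference, received):
    """Both arguments are (headers dict, body str) for the same URL."""
    ref_h = {k.lower() for k in reference[0]}
    got_h = {k.lower() for k in received[0]}
    known = set(scripts_in(reference[1]))
    return {
        "headers_added": sorted(got_h - ref_h),
        "headers_removed": sorted(ref_h - got_h),
        "scripts_added": [s for s in scripts_in(received[1]) if s not in known],
    }

# Constructed sample: the same page over a trusted path and through the VPN.
REFERENCE = ({"Content-Type": "text/html", "ETag": '"abc"'},
             "<html><body><script src='/app.js'></script><p>Shop</p></body></html>")
RECEIVED = ({"Content-Type": "text/html", "Via": "1.1 proxy"},
            "<html><body><script src='/app.js'></script><p>Shop</p>"
            "<script src='http://ads.example.invalid/t.js'></script>"
            "<script>track('u1')</script></body></html>")
```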

All we can recommend is not to use any Android VPN application, but to set up the VPN connection manually.

It takes a few minutes and you can be sure you are protected and safe.

How to set up a VPN on Android without an application

Sahrzad VPN setup guides for Android tablets, smartphones, and other devices

Below you can find the Sahrzad VPN setup guide for Android devices.

To make a new VPN connection on your Android device, follow the instructions below.

To create a new VPN tunnel:

2. Select Wireless & Networks and tap on VPN

3. Tap Add VPN Network

4. Input the connection name (Sahrzad VPN), select the type of your VPN connection - PPTP VPN, and input the VPN server address from your account data.
Please be careful: don't use any additional symbols such as spaces, http://, www, / ...etc in the server address.

5. Input the username and password that you received by e-mail from the VPN account service.
Save it and tap Connect.


To connect to the VPN server:

  1. Select Home > Menu > Settings
  2. Tap Wireless & networks
  3. Tap VPN settings
  4. The VPN connections you have added are present in the list
  5. Tap the VPN you wish to connect to (Sahrzad VPN)
  6. A dialog box will open asking for your credentials, enter them and click connect

When you are connected to VPN, you will see an ongoing notification in the Status bar on your Android device. If you are disconnected, you will receive a notification and an option to go back to the VPN settings section.

Once you have created the VPN connection, you can switch it on and off on the main settings screen.

Sahrzad L2TP/IPSec VPN setup guides for Android tablets, smartphones, and other devices

Below you can find the Sahrzad VPN L2TP/IPSec setup guide for Android devices.

To make a new VPN connection on your Android device, follow the instructions below.

To create a new VPN tunnel:

4. Tap the + icon at the bottom

5. Choose L2TP/IPSec PSK from the Type menu. Input the server address.
Input in the IPSec pre-shared key field: secret.

6. The server address must be exactly as in your account data (without http://, www or any other symbols).
Tick 'Show advanced options' and enter 8.8.8.8 in the DNS servers field.

Please be careful: don't use any additional symbols such as spaces, http://, www, / ...etc in the server address.

7. Save the settings and tap on the connection name

8. Input your VPN username and password and tick the option to save them

To connect to the VPN server:

  1. Select Home > Menu > Settings
  2. Tap Wireless & networks
  3. Tap VPN settings
  4. The VPN connections you have added are present in the list
  5. Tap the VPN you wish to connect to (Sahrzad VPN)
  6. A dialog box will open asking for your credentials, enter them and click connect

When you are connected to VPN, you will see an ongoing notification in the Status bar on your Android device. If you are disconnected, you will receive a notification and an option to go back to the VPN settings section.

Once you have created the VPN connection, you can switch it on and off on the main settings screen.