A recent report published by researcher Andy Michael on VPNtesting has revealed that several highly popular VPN apps on Android, all of which are available through the Google Play Store, are packed full of intrusive adware. Not only will these offending apps run ads while open, but they’ll even cause ads to pop-up on mobile devices’ home screens when the apps are closed.
The Problem with Adware in Certain VPN Apps on Android
The problem with ad pop-ups on these particular VPN apps isn’t necessarily that they have ads in the first place. Indeed, plenty of apps have ads built-in and rely on them to generate revenue. The problem is that these particular apps evidently carry adware which then infect mobile devices after installation. According to the report, full-screen ads often pop up, even when the apps aren’t open; all potential cases of ‘outside ad fraud’.
Not only is this potentially fraudulent, but the ad pop-ups place additional strain on the device’s battery life. This makes it less efficient and can also keep the phone’s CPU running needlessly. In this case, the four offending apps were Hotspot VPN, Free VPN Master, Secure VPN, and CM Security.
Along with these VPN services, an adware program also has turned out to be infected with adware. The program in question is called Applock AntiVirus. This is quite ironic, given that the program is supposed to help prevent pop-ups.
Troublingly, while these apps may not be the most well-known, they still have a combined total of over 500 million downloads; meaning that hundreds of millions of mobile devices may now be carrying their adware.
What is also troubling is that some of these apps appear to be highly rated. For example, Applock Antivirus has a rating of more than 4 stars on Google Play, and received ratings from more than 8,700 users. Hotspot VPN also has received more than 8,400 ratings on Google Play. The average rating comes out to 4 stars.
Many users glance over ratings and reviews when deciding whether to download an app. One would think that an app which has more than 8,000 ratings and an average rating of more than 4 stars would be trustworthy. But all of this goes to show that one cannot necessarily trust the reviews on Google Play any more than one can trust these adware-infected apps.
So, this is a good reminder to users to do extra research when investigating apps to download. Sometimes, even when a product appears to be legitimate, it isn’t, or has been compromised in some way.
Problems with the Google Play Store Allowing Fraudulent Apps
Furthermore, the report found that all of the apps appear to have originated in China and Hong Kong. In fact, two even had almost identical code (Free VPN Master and Hotspot VPN). This suggests that they may be the work of the same developer; a person or persons aiming to spread adware via multiple apps. Indeed, Hotspot VPN’s name is very similar to Hotspot Shield, a popular and more reputable VPN service. As such, it is likely an intentional similarity to trick consumers into downloading the Hotspot VPN app rather than the intended Hotspot Shield app.
Of course, the worst part is that these apps are all available to download from the Google Play Store; the official app store for Android devices. Consumers searching for, for instance, the best VPN for torrenting, would want to find legitimate VPN options on the official Android app store. Indeed, most mobile users would assume that apps on the Play Store are more reputable than those sourced elsewhere. As such, Google clearly needs to pay much more serious attention to the apps which they are currently permitting on their distribution platform.