true77
Study reveals connections among Google Play Store VPNs
A study has found that over 20 VPN apps on the Google Play Store share the same code bases and infrastructures, despite presenting themselves as independent services. Together, these apps represent 20% of the top 100 VPNs downloaded on the platform, with an incredible 700 million users.
Hidden connections and vulnerabilities detected
The research, conducted by Citizen Lab at the University of Toronto, identified these apps into three VPN groups, some with links to Russia and China. Investigators used corporate records and forensic analysis of Android APK files to uncover the hidden connections.
Group A was linked to Innovative Connecting, Autumn Breeze, and Lemon Clove, and included big names like Turbo VPN, VPN Proxy Master, and Snap VPN – all sharing identical code and resources. Group B, connected to Matrix Mobile, ForeRaya Technology, and Wildlook Tech, managed XY VPN, 3X VPN, and Melon VPN, which used the same VPN addresses. Group C, composed of Fast Potato and Free Connected Limited, controlled Fast Potato VPN and X-VPN.
In addition to the lack of transparency, the study found serious security issues. Some apps reused login credentials for ShadowSocks, a tool to bypass firewalls. Others relied on outdated encryption algorithms, leaving users more vulnerable. The most concerning issue was that all three VPN groups were vulnerable to blind on-path attacks – meaning hackers on the same network, like public Wi-Fi, could intercept traffic without either party noticing.
