Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps
- Subject: Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps
- From: g2s at riseup.net (Razer)
- Date: Tue, 10 Oct 2017 19:24:22 -0700
A little old, but many of these "VPNs" are still probably insecure...
For the record, from August 2016:
> Millions of users worldwide resort to mobile VPN clients to either
> circumvent censorship or to access geo-blocked content, and more
> generally for privacy and security purposes. In practice, however,
> users have little if any guarantees about the corresponding security
> and privacy settings, and perhaps no practical knowledge about the
> entities accessing their mobile traffic. In this paper we provide
> a first comprehensive analysis of 283 Android apps that use the
> Android VPN permission, which we extracted from a corpus of more than
> 1.4 million apps on the Google Play store.
>
> We perform a number of passive and active measurements designed to
> investigate a wide range of security and privacy features and to study
> the behavior of each VPN-based app. Our analysis includes
> investigation of possible malware presence, third-party library
> embedding, and traffic manipulation, as well as gauging user
> perception of the security and privacy of such apps. Our experiments
> reveal several instances of VPN apps that expose users to serious
> privacy and security vulnerabilities, such as use of insecure VPN
> tunneling protocols, as well as IPv6 and DNS traffic leakage.  We
> also report on a number of apps actively performing TLS
> interception. Of particular concern are instances of apps that
> inject JavaScript programs for tracking, advertising, and for
> redirecting e-commerce traffic to external partners.
16 page pdf:
https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf
https://dl.acm.org/citation.cfm?doid=2987443.2987471