You are here

Shopping for a VPN app? Read this.

Share this page

You probably know by now that using your mobile device on the public Wi-Fi network of your local coffee shop or airport poses some risk. Public networks are not very secure – or, well, private – which makes it easy for others to intercept your data. So, what can you do to keep your mobile data private and secure while out and about? Some consumers have started using Virtual Private Network (VPN) apps to shield the information on their mobile devices from prying eyes on public networks. Before you download a VPN app, you should know that there are benefits and risks.  

VPN app basics

How do VPN apps work? When you use a VPN app, data sent from your phone – be it your browsing data or the apps you are using – is routed through servers located elsewhere. A VPN app can make traffic from your phone to a website you visit appear to come from a server operated by the VPN provider, rather than directly from your phone. Some VPN apps also encrypt the data sent between your phone and the VPN server. So, for example, say you are using a public Wi-Fi network that isn’t secure – such as a network that allows anyone to use it, even if they don’t have a password.  Other people on the same network can see your traffic.  But when you use a VPN app that encrypts the data, anyone monitoring your network connection only sees gibberish – even if the particular site you are visiting doesn’t itself employ encryption.

Why would someone use a VPN app? VPN apps tout a variety of uses. Not only do some VPN apps promise to keep your information secure on public networks, but some also claim they will keep your information private from advertisers and other third parties. And because VPN apps route your traffic through another network, they can make it appear as if your traffic is coming from somewhere else.  This is similar to how a company might use a VPN to allow employees to use their work computer as if they were on the company’s network, even while they’re on the road.

What are some privacy and data security concerns about using a VPN app? First, you should be aware that when you use a VPN app, you are giving the app permission to intercept all of your internet traffic. You don’t want to grant such permission lightly. Also, a group of technical researchers who studied almost 300 VPN apps found (link is external) potential privacy and security risks with some VPN apps. According to the study, for example, some VPN apps did not use encryption; some requested sensitive, and possibly unexpected, privileges; and some shared data with third parties for purposes such as injecting or serving ads, or analyzing the data to see how people are using a particular site or service.

Given these findings and the considerable trust you must place in a VPN app with your traffic, here are some things to consider before you download a VPN app.

Before you download a VPN app

  • Research the VPN app before you use it. You are trusting a VPN with potentially all of your traffic. Before you download a VPN app, learn as much about the app as you can. Look up outside reviews from sources you respect. You can also look at screenshots, the app’s description, its content rating, and user reviews, and can do some online research on the developer. The fact that an app promises security or privacy does not necessarily make it trustworthy.
  • Carefully review the permissions the app requests. Apps will present the permissions they request on their app store page, during installation, or at the time they use the permission. It’s useful information that tells you what types of information the app will access on your device in addition to your internet traffic. If an app requests particularly sensitive permissions (reading text messages, for example), consider whether the permission makes sense given the app’s purpose and whether you trust the app developer with that access.
  • Know that not all VPN apps actually encrypt your information. Some VPN apps use protocols that do not encrypt your traffic, or encrypt only some of your traffic. Outside reviews from sources you respect might provide more information about a particular app’s use of encryption.
  • A VPN app generally isn’t going to make you entirely anonymous. Instead, the app will typically obscure the content of your traffic from your internet service provider or public Wi-Fi provider, shifting trust from those networks to the VPN app provider. In addition, sites you visit may be able to determine that you are using a VPN app, and can still use any identifying information you directly share with them (for example, filling out a form with your email address) to track you.
  • VPN apps may share your information with third parties. Many VPN apps are free because they sell advertising within the app, or because they share your information with (or redirect your traffic through) third parties. If you are using the VPN app to keep your traffic private, make sure you review the VPN app’s terms and conditions and its privacy policy to determine if it shares information with third parties such as advertisers, and if so, what information it shares.


Also, please be aware that most VPN companies are not located in the United States. Because of that, they are NOT required to follow U.S. law regarding what they do with your data, or how they treat you as a customer.

All VPN companies, also, have the ability to view ALL of the data you send across their networks!


Great to see that; we did not know it and were thinking of having VPN! THANKS for sharing.This will save us monthly fees and headaches. FYI, we bought on line from a" reputable" company; we paid 20 USD but never received the goods;were told the sellers are overseas; and the company cannot do much... we thought all on-line sellers must be registered in the US and have like a permit/license to sell== a good lesson.

Thank you

I have seen much more need for secured onsite vpn servers (concentrators) than mobile apps. Its a must if you are trying to secure corporate/government information that is centralized. If you are not in control of the endpoint you have no idea what happens to your data when it reaches it. It could be decrypted <-> analyzed and mined <-> encrypted <-> forwarded on to the other client node. I build these quite often and it really makes it difficult for anyone without a distributed key pair to get on the corporate network.

Also, please understand that laws vary across countries where you are connecting to. Is your VPN truly not logging your connection? Some say they are completely anonymous; however, have been known to share certain metadata with local law enforcement and governments.

Additionally, many paid streaming media companies now (e.g., Amazon Prime) are aware of well known (large) VPN providers and trying to access your favorite shows outside the United States may be a problem when travelling.

What about a list of good endpoint servers? Seems to me that for this sort of concern it would be a good idea to host the vpn server in house.

Understanding liability, can you provide the data on the evaluation? If you cannot provide, who has or where are the statistics?

how about all ya all search using Google???? Spoon feeding is not something the FTC i charged with

I hear Trump Enterprises offers VPN services.

how about some info to get the fed's off my back. They use 2nd gen. cellular to connect directly to any device I try to use. I am allowed to use the public library (OH!BOY). 12 years now, and countless attempts at securing my privacy. Nobody seems to care. Guilty by association, for becoming friends with a couple fed parolees.

They do link to www. icir. org/ vern/ papers/ vpn-apps-imc16. pdf. You can also look at 'VPN Comparison Chart' Crucially this item is only about VPN "apps" and not VPN services as a whole

I'm trying to figure out how to find the raw data they amassed on the 300 VPN providers. That raw data should be made available to the community, and would not represent an endorsement of any vendor. Without the raw data, it's not possible to check and verify the paper's results. The raw data would be very valuable for other researchers to draw new and useful conclusion about individual providers and aggregates of providers.
Despite my username, I always tell the truth. Really

Why is an attorney offering computer advice? Are there no computer techies at the FTC? Do they let computer nerds offer legal advice?

Case in point: the author assumes that you need an app to use a VPN. This is not true. There are about 6 or 7 popular types of VPNs. Every operating system supports 2 or three of these types. If a VPN provider offers a type of VPN that is supported by your operating system, no app or extra software is needed.

Why would you trust the government to recommend a VPN? Maybe ask the Only under Obama were the citizens required to buy a 3rd party product <Health care>

What's to stop government institutions from creating their own vpn services?

One of the primary reasons the FTC would not recommend commercial brands of VPN is quite obvious. If the FTC were to recommend a commercial brand and later on that commercial brand was hacked or personal data stolen and used by cyber criminals then the FTC would be vulnerable to lawsuits by consumers and attorneys for originally recommending said commercial product. It would be like the FDA recommending a particular brand of cigarettes over another brand of cigarettes, then when consumers begin to get lung cancer, emphysema and heart disease which all cigarettes cause, the FTC would be vulnerable to a plethora of lawsuits from the foolish consumers who continue to smoke who went out and switched cigarette brands based upon a recommendation from the FTC. The FTC is delegated the authority to be a clearinghouse of information designed to help protect consumers from criminals and to prosecute violations of federal law, not an ad agency for commercial companies to sell their goods. While no government agency can be perfect all of the time, the FTC is working overtime to protect consumers in an everchanging world with the limited financial resources that are provided to it to accomplish the goals it has been tasked to accomplish. If consumers are dissatisfied with the FTC's ability to prosecute more criminals or the FTC not increasing their capabilities to provide consumers with more services, then I suggest they contact their district U.S. Congressmember and U.S. Senator and ask them to increase the amount of federal budgeted money to the FTC in the upcoming federal fiscal year.

It's simple. Just remember, NOTHING do you on the internet is private!


Leave a Comment