The Dangers of Free VPNs

A personal VPN service encrypts a user’s internet connection and diverts their traffic via a remote server in order to hide their IP address. They are primarily used to keep internet activity private, evade censorship, and use public WiFi securely.

The best VPN software usually comes with a monthly subscription cost, but a subsection of providers offer VPN applications completely for free.

Most free VPNs claim to provide all the protection of a paid VPN, without any of the cost. Unfortunately, many free VPNs put users at greater risk than using no VPN at all.

With most free VPNs, you may not pay financially, but you pay with your privacy and security.

These free VPN apps are often the first port of call for users suffering from censorship or an internet shutdown.

It’s common for such users to download the first VPN that appears in the search results, assuming that a large number of downloads or a place in the app store means that the VPN is safe to use.

This is far from guaranteed.

While it is possible to find a safe free VPN, many of the most popular free services available are in fact dangerous to use.

Based on the combined findings of our reports, we recommend consumers strongly consider premium VPN services or at the very least research safe free VPN alternatives.

Free VPN Investigations Explained

By 2018, it was becoming increasingly clear that Apple and Google were struggling to manage the increasingly popular VPN category in their app stores.

Generic free VPNs had amassed tens of millions of installs, pushing more established VPN services down in the search results.

That same year, we published the first ever free VPN ownership investigation to shine a light on who owned and operated these free VPN services.

In doing so, we revealed the companies that had access to the sensitive data of hundreds of millions of users around the world.

Since then, we’ve used our expertise and experience in reviewing VPN services to examine every aspect of these hugely popular free VPNs.

This article brings all of this extensive research together. We’ve organized the reports by theme to make it easier to understand the extent of the dangers posed by so many of these apps.

Use the page navigation to jump to each relevant section and see our key findings. We recommend bookmarking this page, as we will continue to update it as we publish new research on free VPNs.

Apple and Google’s response to our free VPN ownership investigations.

We have been researching the ownership of free VPN services since 2018, when we were the first to uncover the extent of hidden Chinese ownership of the most popular free VPN apps in Apple and Google’s app stores.

Here is a summary of the findings from our free VPN ownership research:

Free Android VPN Security Flaws: we comprehensively tested the 100 most popular VPNs.

As well as investigating the ownership of free VPN services, we also undertook a months-long study of the security of the 100 most popular free VPN apps on the Google Play Store, published in June 2024.

We found that 88% of free Android VPNs suffered some kind of data leaks with almost one in five VPNs affected by multiple leaks (IPv4, IPv6, DNS or WebRTC).

We also discovered that 71% of free Android VPNs shared personal data with third parties, such as social media companies and data brokers.

This latest research replaces Free VPN Risk Index from 2019, and utilizes all the knowledge and experience of testing VPNs we have gained in the intervening 5 years.

At that time, we found that one-in-four free VPN apps failed to properly protect their users’ privacy. We also found the vast majority had excessive permissions or code that posed potential privacy and security risks.

After formally notifying Google of our findings and requesting action to raise standards in the category, we conducted a full update six months later to determine whether the situation had improved.

In 2021, we also began tracking the most popular VPN Android apps during individual internet shutdowns and testing them for privacy and security issues. Our initial findings focused on major incidents in Myanmar and Nigeria, where we found 80% of the most popular VPN apps shared or logged users’ IP addresses.

Here is a summary of the findings from our free VPN security research:

Our investigations show free VPN apps to have a poor record of complying with Apple privacy guidelines and that Apple appears to have little appetite for enforcing them.

Apple has increasingly positioned itself as a privacy champion, culminating in the launch of its contentious new App Tracking Transparency feature.

Rather than take Apple’s marketing messages around App Store privacy at face value, we’ve been investigating since 2019 just how effective they really are when it comes to free VPN iOS apps.

When Apple updated its rules to ban VPN apps from sharing any data with third parties, our research revealed it was failing to enforce these rules for the most prominent VPNs in the App Store.

And when Apple introduced mandatory privacy labels, our investigations showed just how few of the VPN apps that Apple displayed most prominently in the iOS App store had fully-accurate labels.

Most recently, iOS apps also now have to ask permission before tracking your activity across other apps and websites in order to deliver targeted advertising. Our testing reveals that many of the most popular top ad-supported free VPN apps are flouting Apple’s rules.

Read the full reports here:

• Free VPN iOS App ‘Request to Track’ Compliance (2021)
• Free VPN iOS App Store Privacy Labels (2021)
• Free VPN iOS Apps Data Sharing (2019)

Below is a summary of the combined findings of those reports.