The Dangers of Free VPNs

Discover our investigations into the dangers of free VPNs. We've uncovered hidden security flaws, concerning ownership, and shady operators behind many popular free VPN apps.

Updated Jun 5, 2024

Simon Migliano

Simon Migliano is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times and more. Read full bio

Dangers of Free VPN Apps investigation header illustration of a man using a smartphone with large eyes looking over his shoulder

First published Sep 27, 2022. Last updated to include details of our new research report Free Android VPN Security Flaws: 100 Apps Tested.

Over the past six years, we have conducted a series of investigations into the dangers of free VPNs. This article summarizes our main findings and introduces a body of evidence demonstrating the true cost of using a free VPN.

Free VPN Ownership Investigations

Chinese VPN Ownership in Taiwan (2022): Half of the 10 most popular free VPN services in Apple’s Taiwan App Store have ownership links with mainland China.
Internet Shutdowns & Free VPNs (2022): We investigated who owns the most downloaded VPN apps during major internet shutdowns. We found over half of these VPN service providers to have potential conflicts of interest.
Chinese Ownership Investigation (2020): 10 of the most popular free VPN mobile apps in the US are still Chinese-owned. Another four have suspected links to mainland China.
Free VPN Update (2019): Apple and Google failed to act on our 2018 findings: 77% of the free VPNs flagged as potentially unsafe were still available.
Free VPN Ownership Investigation (2018): 59% of the most popular free VPN mobile apps were revealed to be secretly Chinese-owned. The majority of these apps were found to have substandard privacy protections.

Free VPN Security Investigations

Free Android VPN Security Flaws (2024): In our most comprehensive VPN security research yet, we tested the 100 most popular free Android VPNs and found 88% suffered data leaks while encryption failures affected one in 10.
Internet Shutdown VPN Security (2021): We are tracking the VPNs rising to popularity during major censorship incidents and testing them for privacy and security issues. 80% share or log users’ real IP addresses.
Free VPN Update (2019): Apple and Google failed to act once more – 90% of the VPN apps flagged as potentially unsafe were still available six months after the Free VPN Risk Index was published.
Free VPN Risk Index (2018/19): We tested 150 free VPN apps and 25% failed to protect user privacy due to DNS and other leaks. 85% featured excessive permissions or functions with potential for privacy abuses.

Free VPN iOS App Store Privacy

Free VPN iOS App ‘Request to Track’ Compliance (2021): We analyzed the network activity of the top 20 ad-supported free VPN apps in the U.S. iOS App Store. Just 3 apps (15%) respected a user’s choice to not permit advertisers to track them.
Free VPN iOS App Store privacy labels (2021): We investigated the top 20 VPN apps in the US, UK, CA, and AU locales (90% were free VPNs). Just 6 free VPNs (12%) displayed privacy labels that adhered to Apple’s guidelines.
Free VPN iOS Apps Data Sharing (2019): 80% of the 20 top-ranked free VPN iOS apps in the App Store were in breach of Apple’s rules.

Are Free VPNs Safe?

A personal VPN service encrypts a user’s internet connection and diverts their traffic via a remote server in order to hide their IP address. They are primarily used to keep internet activity private, evade censorship, and use public WiFi securely.

The best VPN software usually comes with a monthly subscription cost, but a subsection of providers offer VPN applications completely for free.

Most free VPNs claim to provide all the protection of a paid VPN, without any of the cost. Unfortunately, many free VPNs put users at greater risk than using no VPN at all.

With most free VPNs, you may not pay financially, but you pay with your privacy and security.

These free VPN apps are often the first port of call for users suffering from censorship or an internet shutdown.

It’s common for such users to download the first VPN that appears in the search results, assuming that a large number of downloads or a place in the app store means that the VPN is safe to use.

This is far from guaranteed.

While it is possible to find a safe free VPN, many of the most popular free services available are in fact dangerous to use.

Based on the combined findings of our reports, we recommend consumers strongly consider premium VPN services or at the very least research safe free VPN alternatives.

Free VPN Investigations Explained

By 2018, it was becoming increasingly clear that Apple and Google were struggling to manage the increasingly popular VPN category in their app stores.

Generic free VPNs had amassed tens of millions of installs, pushing more established VPN services down in the search results.

That same year, we published the first ever free VPN ownership investigation to shine a light on who owned and operated these free VPN services.

In doing so, we revealed the companies that had access to the sensitive data of hundreds of millions of users around the world.

Since then, we’ve used our expertise and experience in reviewing VPN services to examine every aspect of these hugely popular free VPNs.

This article brings all of this extensive research together. We’ve organized the reports by theme to make it easier to understand the extent of the dangers posed by so many of these apps.

Use the page navigation to jump to each relevant section and see our key findings. We recommend bookmarking this page, as we will continue to update it as we publish new research on free VPNs.

Free VPN Ownership Investigations

Apple and Google as ostriches with their heads in the sand over the problems with free VPN apps in their app stores

Apple and Google’s response to our free VPN ownership investigations.

We have been researching the ownership of free VPN services since 2018, when we were the first to uncover the extent of hidden Chinese ownership of the most popular free VPN apps in Apple and Google’s app stores.

Here is a summary of the findings from our free VPN ownership research:

Chinese VPN Ownership in Taiwan (2022)
- 5 of the 10 most popular free VPN services in the Taiwan App Store have ownership links with mainland China.
- At least one VPN developer has been funded by Chinese state-owned investors.
- 3 apps are registered in Hong Kong, which is no longer a safe VPN jurisdiction.
Free VPN Ownership Investigation (2022)
- 63% of the free VPN mobile apps downloaded during major internet outages fail to disclose their official company name.
- 50% of VPNs with identifiable developers are owned by companies whose directors have potential conflicts of interest.
- Almost half (44%) of the VPNs investigated had links to mainland China.
Chinese Ownership Investigation (2020)
- 10 of the most popular free VPN mobile apps in the US are Chinese-owned. Another four have suspected links to mainland China.
- With over 223 million global installations, these apps have a huge reach.
- 12 of these free VPN apps have privacy policies that are substandard or worse. Six are “poor” to “very poor”.
Free VPN Update (2019)
- Six months on, Apple and Google had failed to act to address these safety risks despite formal notice of our findings.
- 77% of the VPN apps flagged as potentially unsafe are still available.
- Android installations of potentially risky free VPN apps increased 85% to 214 million.
Free VPN Ownership Investigation (2018)
- 59% of the most popular free VPN mobile apps were revealed to be secretly Chinese-owned.
- 86% of free VPN apps had substandard privacy policies, if they had them at all.
- 64% had no dedicated website – several had no online footprint beyond app store listings.

Free VPN Security Investigations

Free Android VPN Security Flaws: 100 Apps Tested

Free Android VPN Security Flaws: we comprehensively tested the 100 most popular VPNs.

As well as investigating the ownership of free VPN services, we also undertook a months-long study of the security of the 100 most popular free VPN apps on the Google Play Store, published in June 2024.

We found that 88% of free Android VPNs suffered some kind of data leaks with almost one in five VPNs affected by multiple leaks (IPv4, IPv6, DNS or WebRTC).

We also discovered that 71% of free Android VPNs shared personal data with third parties, such as social media companies and data brokers.

This latest research replaces Free VPN Risk Index from 2019, and utilizes all the knowledge and experience of testing VPNs we have gained in the intervening 5 years.

At that time, we found that one-in-four free VPN apps failed to properly protect their users’ privacy. We also found the vast majority had excessive permissions or code that posed potential privacy and security risks.

After formally notifying Google of our findings and requesting action to raise standards in the category, we conducted a full update six months later to determine whether the situation had improved.

In 2021, we also began tracking the most popular VPN Android apps during individual internet shutdowns and testing them for privacy and security issues. Our initial findings focused on major incidents in Myanmar and Nigeria, where we found 80% of the most popular VPN apps shared or logged users’ IP addresses.

Here is a summary of the findings from our free VPN security research:

Free Android VPN Security Flaws (2024):
- We tested the 100 most popular free VPN Android apps with over 2.5 billion installs worldwide. 88% suffered data leaks and 71% shared user data with third parties.
- Over half (53%) of VPNs tested has privacy-risking code and the permissions to run it.
- 80% of VPNs tested contained third-party software libraries containing privacy-risking code and the relevant permissions.
Internet Shutdown VPN Security (2021):
- We have so far tested the 5 most popular VPN apps in Kazakhstan during the January 2022 protests, the 10 most popular VPNs in Myanmar since the February 2021 coup and the 5 most popular VPNs in Nigeria since the Twitter ban in June 2021. We will add to this report as new internet shutdowns take place.
- 17 apps tested to date log or share user IP addresses while 16 shared users’ unique Google Advertising Identifier.
- 3 free VPN apps in Myanmar exposed users’ internet activity via DNS and/or IP leaks.
Free VPN Update (2019)
- Six months on from the Risk Index, Google had failed to address the significant security risks despite formal notice of our findings.
- 74% of the VPNs flagged as potentially unsafe still posed a risk.
- The free VPN apps flagged as potentially unsafe had amassed 518 million installs from the Play store at the time – almost doubling from 260 million in just six months.
Free VPN Risk Index (2019)
- We tested 150 free VPN apps with over 260 million installs. 25% failed to protect user privacy due to DNS and other leaks.
- 85% featured excessive permissions or functions with the potential for privacy abuses.

Free VPN iOS App Store Privacy

Free VPN apps have a poor record of complying with Apple privacy guidelines

Our investigations show free VPN apps to have a poor record of complying with Apple privacy guidelines and that Apple appears to have little appetite for enforcing them.

Apple has increasingly positioned itself as a privacy champion, culminating in the launch of its contentious new App Tracking Transparency feature.

Rather than take Apple’s marketing messages around App Store privacy at face value, we’ve been investigating since 2019 just how effective they really are when it comes to free VPN iOS apps.

When Apple updated its rules to ban VPN apps from sharing any data with third parties, our research revealed it was failing to enforce these rules for the most prominent VPNs in the App Store.

And when Apple introduced mandatory privacy labels, our investigations showed just how few of the VPN apps that Apple displayed most prominently in the iOS App store had fully-accurate labels.

Most recently, iOS apps also now have to ask permission before tracking your activity across other apps and websites in order to deliver targeted advertising. Our testing reveals that many of the most popular top ad-supported free VPN apps are flouting Apple’s rules.

Read the full reports here:

Below is a summary of the combined findings of those reports.

Free VPN iOS App ‘Request to Track’ Compliance (2021)

Minimal compliance: Only 3 of the top 20 free VPN apps in the US respect users’ wishes regarding ad-tracking
IP address sharing: Two-thirds of free VPN apps tested shared this info after users denied permission for ad tracking
Ad tracking loophole: 80% of free VPN apps shared users’ IP address before permission was sought.

Free VPN iOS App Store privacy labels (2021)

49 unique VPN apps appear in the top 20 VPN apps ranked highest by Apple in each of the US, UK, CA, AU locales (90% were free VPN). Just 6 VPN apps (12%) had fully accurate privacy labels.
Missing labels: 9 VPNs (18%) lacked privacy labels as they had failed to submit any details to Apple
IP address collection: 14 VPNs (29%) failed to properly disclose collection of this data point

Free VPN iOS Apps Data Sharing (2019)

No enforcement: 16 of top-ranked 20 free VPN iOS apps breached data-sharing rules
Downloads: 6 million monthly installs of non-compliant VPN apps

The authors of all our investigations abide by the journalists’ code of conduct.