Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences,
and encourage others to do better than you.
Redazione RHC : 23 June 2025 14:14
“If you don’t pay for the service, you are the product. This is true for social networks, but also for free VPNs: your data, your privacy, is often the real price to pay.
Researchers at the Tech Transparency Projecthave reported that at least 17 free VPN apps with alleged ties to China are still available in the US versions of the Apple and Google stores, and big tech companies are managing to make money from these apps despite the risks to user privacy.
The first investigation by TTP surfaced in April, revealing that the data of millions of users from more than two dozen VPN services may have been transferred to China without their knowledge. Five of those apps were allegedly linked to Shanghai-based Qihoo 360, which had previously been sanctioned by the United States for its possible ties to the Chinese military.
Six weeks later, an updated report from TTP shows that most of those apps are still available on the U.S. versions of the App Store and Google Play. The researchers also found signs that Apple and Google may be profiting from those services. More than two dozen of the top 100 free VPNs in the U.S. App Store have hidden ties to China, according to their data.
Apps Linked to Qihoo 360 include Turbo VPN, VPN Proxy Master, Thunder VPN, Snap VPN, and Signal Secure VPN. Some of these remain on the Apple Store despite the initial flag. Other services on the list include X-VPN, Ostrich VPN, VPNIFY, OvpnSpider VPN Proxy, WireVPN, Now VPN, Speedy Quark VPN, AppVPN, HulaVPN, and Pearl VPN.
The situation is similar on the Google Play platform. The same four Qihoo 360 apps are available in the United States, along with seven other VPN services of Chinese origin. The new TTP audits also found that many of these apps offer in-app purchases, which means Apple and Google may receive a cut of user payments for subscriptions and additional features.
Additionally, some apps contain advertising, which also becomes an additional source of revenue. As an example, the researchers cited a screenshot of the Turbo VPN page on Google Play from May 8, 2025, where a notice about the presence of advertising content is visible.
Apple stated in a commentthat it has strict requirements for VPN developers and does not allow the transfer of user data to third parties. However, the geography of the developer’s origin does not affect the availability of the apps in the store. At the time of publication, there was no response from Google.
The researchers confirmed that the same VPN apps are available in the UK stores, which means that the issue could also affect users in other countries.
Redazione