Professor Dali Kaafar, CSIRO senior principal researcher in online privacy and security and the paper’s co-author, urged VPN users to read the small print and scrutinise what permissions they gave away.
“Always pay attention to the permissions requested by apps that you download,” he said. “This study shows that VPN app users, in particular, should take the time to learn about how serious the issues with these apps are and the significant risks they are taking using these services.”
Sorry, not sorry
The research team contacted the developers behind each app and shared their findings. The responses were mixed. Many didn’t respond, while some of those that did confirmed the findings. One argued that embedding less-popular tracking libraries was “the best choice to monetise the app”.
“Several of them took actions to fix the identified vulnerabilities. Some apps were even removed from the Google Play Store,” Kaafar said.
Sign up for CIO Asia eNewsletters.