Android VPN apps found serving disruptive ads

(Image credit: Shutterstock)

A security researcher has discovered four VPN apps that serve ads while running in the background and also on the home screen of Android smartphones in the latest case of adware found on the Google Play Store.

While researching suspicious Android VPN apps, Andy Michael found that Hotspot VPN, Free VPN Master, Secure VPN and Security Master by Cheetah Mobile were all showing full screen pop-up ads on his smartphone even though none of these apps were currently open.

It is also worth noting that all of these apps originate from either Hong Kong or China where VPN usage tends to be higher than in other countries due to China's Great Firewall and the ongoing protests in Hong Kong. While three of the four apps provide VPN services to users, Security Master is an antivirus app. 

All of the apps found to be showing disruptive ads by Andy Michael are still available on the Play Store at the time of writing.

Adware apps

In addition to APIs from Google and Facebook used to show ads, Michael's investigation also found that Hotspot VPN also contained obfuscated code which is used to show full-screen ads regardless of whether or not the app is currently open which results in significant battery and CPU usage. This app's name also resembles the legitimate VPN, Hotspot Shield and its developer likely chose this name as a way to trick unsuspecting users into downloading their app instead.

Free VPN Master was found to share the same code for serving Google ads and its APK file has the same code structure and files as Hotspot VPN. According to Michael, both apps are identical apart from slight modifications in their code.

Secure VPN though was the worst offender as it served ads when users had other apps open and even overlaid them on top of user's home screens. The app also contained references to code that recorded activities such as when an ad was displayed, clicked on or dismissed by the user. Security Master on the other hand, used more sophisticated behavior to show ads when users tried to go back to the home screen or when certain buttons were clicked.

Android users are constantly warned to avoid installing apps from unknown sources but when they can't even trust Google's own Play Store to find legitimate apps, there is a serious problem.

  • Worried about downloading a fake VPN app? Check out our complete list of the best VPN services of 2019


Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.