Here’s how one popular VPN company keeps its apps free from malicious modifications

(Image credit: Shutterstock / 0beron)

ExpressVPN has revealed it has enlisted the help of PwC Switzerland to ensure its service's verification system actually works as it should.

The aim of this system is to sharply reduce the risk of an infected machine or unwitting employee inadvertently distributing malware payloads. That means mitigating the risk of having malicious code inserted into ExpressVPN apps, which in turn could be used to eavesdrop or for other nefarious activities.

PwC Switzerland acted as an external, independent auditor and was tasked with checking every step of the process.

End-to-end verification

As ExpressVPN explains, the auditors vetted the system by accessing the source code, servers, documentation and user information back in May. It is important to note that this type of assessment produces a snapshot of the system's performance and that circumstances evolve, which is why these checks are performed regularly. 

The full report is available to ExpressVPN customers for free and goes into detail with regards to the processes involved in the rigorous audit.

The privacy company - which sits atop our best VPN guide - introduced a number of features that aim to improve performance and security for their clients; it launched RAM-only VPN servers and unveiled a new protocol called Lightway.

Last year, it was audited twice (by PwC and Cure53) and also teamed up with HP and Dynabook to provide bundled VPN software for the firms' business laptops.

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.