The top VPN providers know they have to fight to win your trust, and their favorite tactic is usually the independent audit. Hire PricewaterhouseCoopers or some other big-name consultancy, ask them to take an in-depth look at your procedures, and (hopefully) get a report saying how privacy-conscious you are.
This is a great idea when done properly, and can give real assurance that a company is living up to its promises. But there are problems, too. Audits are huge projects, time-consuming and expensive, and the VPNs who most need them - the smaller providers, the ones you're not quite sure you can trust - just don't have the resources to take part.
Fortunately, there's now a new way for providers to confirm that their Android VPN apps comply with best security practices. And in our latest round of VPN testing, we found that it's being embraced by some of the best VPNs in the game.
Simple certification from the ioXt Alliance
The new Internet of Secure Things (ioXt) Alliance VPN app certification scheme is small when compared to those fuller independent audits. There's nothing complicated: no checking of a VPN's servers, back-end systems or anything else.
There's still plenty of value here, though. The certification process checks that sensitive data is stored securely, password management and authentication are handled well, private encryption keys are safely stored in the Android KeyStore, and the app only asks for necessary permissions.
The app must default to a secure protocol, avoid leaking data out of the tunnel, and have kill switch and auto-reconnect functions to protect you if the VPN connection drops. There are plenty of other test items (check out ExpressVPN's certification page, for example) and it's great to have this kind of detail independently verified. In addition to Express, VPN heavyweights like NordVPN and Private Internet Access have also had their Android apps verified.
Simple, fast, cheap certification
What's more, because ioXt certification is simple, quick, and relatively low-cost, it's going to be very accessible to even the smallest VPNs. We suspect the best of these will jump at the chance to show their mobile VPN apps are safe and secure. And over time, as more and more get certified, it's going to be very difficult for everyone else to explain why they're still certification-free.
This doesn't mean big, custom, one-off audits are going away - that's not what we want. But a move to smaller, standard, more affordable certifications makes a lot of sense. Not only can just about everyone in the industry take part, but because they're all completing the same tests, it becomes much easier to compare results and see who really is delivering a top-quality service.