This brand new VPN certification scheme could become a very big deal

ioXt Alliance certified VPN providers
(Image credit: ioXt Alliance)

The top VPN providers know they have to fight to win your trust, and their favorite tactic is usually in the form of the independent audit. Hire PricewaterhouseCoopers or some other big-name consultancy, ask them to take an in-depth look at your procedures, and (hopefully) get a report saying how privacy-conscious you are.

This is a great idea when done properly, and can give real assurance that a company is living up to its promises. But there are problems, too. Audits are huge projects, time-consuming and expensive, and the VPNs who most need them - the smaller providers, the ones you're not quite sure you can trust - just don't have the resources to take part.

Fortunately, there's now a new way for providers to confirm that their Android VPN apps comply with best security practices. And in our latest round of VPN testing, we found that it's being embraced by some of the best VPNs in the game.

Image

<a href="https://go.expressvpn.com/c/4550836/1330033/16063?subId1=hawk-custom-tracking&sharedId=hawk&u=https%3A%2F%2Fexpressvpn.com%2Fgo%2Fvpn-software%2Fvpn-android%3Foffer%3D3monthsfree%26a_fid%3D744" data-link-merchant="expressvpn.com"" target="_blank" rel="nofollow">Today's top VPN for Android is ExpressVPN
Going to a smaller screen doesn't mean a VPN's effectiveness has to drop and the best apps out there are easy to download and use, keep your Android anonymous online and help you unblock restricted apps. ExpressVPN ticks all those boxes, and you can try it risk free for 30 days, too.

Simple certification from the ioXt Alliance

The new Internet of Secure Things (ioXt) Alliance VPN app certification scheme is small when compared to those fuller independent audits. There's nothing complicated: no checking of a VPN's servers, back-end systems or anything else.

There's still plenty of value here, though. The certification process checks that sensitive data is stored securely, password management and authentication is handled well, private encryption keys are safely stored in the Android KeyStore, and the app only asks for necessary permissions.

The app must default to a secure protocol, avoid leaking data out of the tunnel, and have kill switch and auto-reconnect functions to protect you if the VPN connection  drops. There are plenty of other test items (check out ExpressVPN's certification page here for example) and it's great to have these kind of details independently verified. In addition to Express, VPN heavyweights like NordVPN and Private Internet Access have also had their Android apps verified.

ExpressVPN Android interface

(Image credit: ExpressVPN)

Simple, fast, cheap certification

What's more, because ioXt certification is simple, quick, and relatively low-cost, it's going to be very accessible to even the smallest VPNs. We suspect the best of these will jump at the chance to show their mobile VPN apps are safe and secure. And over time, as more and more get certified, it's going to be very difficult for everyone else to explain why they're still certification-free.

This doesn't mean big, custom, one-off audits are going away - that's not what we want. But a move to smaller, standard, more affordable certifications makes a lot of sense. Not only can just about everyone in the industry take part, but because they're all completing the same tests, it becomes much easier to compare results and see who really is delivering a top-quality service.

  • Save your cash with our countdown of today's best cheap VPNs
Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.