Your iOS VPN app may not be as secure as you think
New privacy labels disclosure rules offer lots of wriggle room, analysts say
A new analysis of the top twenty VPN apps in the US, UK, Australian, and Canadian iOS App Store editions has revealed that only a mere 12% display accurate privacy labels.
Apple recently introduced privacy labels for its App Store, much like the nutritional labels on packaged food, to give users an insight into the apps’ data collection practices and help users make informed decisions.
According to Apple’s plan, apps that collect personal data are required to self-submit information which the company then uses to award any combination of three labels that tell users whether the collected data is linked to the user or not, and whether it can be used to track them.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- These are the best VPN services
- Also check our list of the best proxy service providers
- We’ve also rounded up the best Android VPN apps
Since these labels are based on self-submitted information, Top10VPN decided to investigate their accuracy for mobile VPN apps.
Discouraging results
The analysts identified forty nine unique apps that appear in the top twenty iPhone VPN apps displayed in each of the US, UK, Canada and Australia Apple App Stores.
Of these, only six of the apps displayed privacy labels that adhered to Apple’s guidelines.
Meanwhile, over thirty of the apps had inaccurate privacy labels, while nineteen had two or more incorrect labels. Nine apps had no labels at all since they haven’t submitted any details to Apple.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The US version of the App Store was the biggest offender, with nineteen of its top twenty VPN apps bearing inaccurate privacy labels.
The analysis also revealed that fourteen apps failed to disclose that they were collecting the IP address of their users.
Wriggle room
“Our investigation not only revealed the disturbing proportion of apps with inaccurate or missing privacy labels but also highlighted further flaws in Apple’s system even beyond the fundamental problem posed by self-certification,” the investigators write in their report.
One of the problems they highlight is the fact that the labels are mandatory only for listed apps that send in a new update. This means many apps continue to be listed without labels since their developers haven’t updated them.
The analysts also argue that Apple’s rules around “optional non-disclosure” of data collection in certain circumstances, offers developers a wide berth to avoid disclosure.
If the investigation by Top10VPN is anything to go by, Apple’s intentions with the privacy labels has been pretty much nullified.
- We’ve also compiled a list of the best business VPN solutions on the market
Via Top10VPN
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.