Your iOS VPN app may not be as secure as you think

VPN
(Image credit: Shutterstock / FOTOSPLASH)

A new analysis of the top twenty VPN apps in the US, UK, Australian, and Canadian iOS App Store editions has revealed that only a mere 12% display accurate privacy labels.

Apple recently introduced privacy labels for its App Store, much like the nutritional labels on packaged food, to give users an insight into the apps’ data collection practices and help users make informed decisions. 

According to Apple’s plan, apps that collect personal data are required to self-submit information which the company then uses to award any combination of three labels that tell users whether the collected data is linked to the user or not, and whether it can be used to track them.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Since these labels are based on self-submitted information, Top10VPN decided to investigate their accuracy for mobile VPN apps

Discouraging results

The analysts identified forty nine unique apps that appear in the top twenty iPhone VPN apps displayed in each of the US, UK, Canada and Australia Apple App Stores.

Of these, only six of the apps displayed privacy labels that adhered to Apple’s guidelines. 

Meanwhile, over thirty of the apps had inaccurate privacy labels, while nineteen had two or more incorrect labels. Nine apps had no labels at all since they haven’t submitted any details to Apple.

The US version of the App Store was the biggest offender, with nineteen of its top twenty VPN apps bearing inaccurate privacy labels.

The analysis also revealed that fourteen apps failed to disclose that they were collecting the IP address of their users.

Wriggle room

“Our investigation not only revealed the disturbing proportion of apps with inaccurate or missing privacy labels but also highlighted further flaws in Apple’s system even beyond the fundamental problem posed by self-certification,” the investigators write in their report.

One of the problems they highlight is the fact that the labels are mandatory only for listed apps that send in a new update. This means many apps continue to be listed without labels since their developers haven’t updated them.

The analysts also argue that Apple’s rules around “optional non-disclosure” of data collection in certain circumstances, offers developers a wide berth to avoid disclosure.

If the investigation by Top10VPN is anything to go by, Apple’s intentions with the privacy labels has been pretty much nullified.

Via Top10VPN

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.