7 things you need to know about Google VPN

Google One app on a phone in a jeans pocket
(Image credit: Shutterstock)

Google is always extending its tech empire with new apps and services, but the most interesting addition for a long time is a tool vying to be one of the best VPN services on the market.

Signing up for the company's 2TB+ Google One plans not only gets you cloud storage and phone backup: there's now a bundled Android VPN, too.

Sounds good, but can you really trust a VPN from a company that makes its money by collecting your data? In the past Google has had a sketchy record when it comes to protecting user’s privacy. 

For instance, despite introducing its own system to phase out third-party cookies when it comes to displaying targeted ads on their devices, Google has resisted calls from privacy advocates to simply block targeted ads altogether. 

In 2019 the French government even fined Google 50 Million Euros (Around $55 Million) for its data collection policies, claiming it violated the GDPR.

Privacy concerns aside for now, the question remains: does the service have the features you need, and how does it compare with the big providers? We've got the details you need to decide whether this is the VPN for you.

1. It's designed to prevent logging

Using a VPN normally means trusting the service to keep your browsing history private, but Google's VPN is different. The company doesn't just promise not to log your details, it's designed the service to make that impossible.

Log into most VPNs and the server handles your credentials and can see every site you visit. It can be relatively easy to build a browsing history.

Log into Google One VPN and the company uses a technique called blind signing to protect you. In simplest terms this involves different computers handling who you are (authentication) and what you’re doing (browsing). 

Google's authentication system knows who you are, but doesn't see your traffic. The VPN server sees the sites you're visiting, but doesn't know who you are. The end result: Google can't log your browsing history because there's no way to link your online activities to your account. This has been independently verified (see below). 

Apple Private Relay also uses blind signing, but it's not an approach we've seen from the other big VPN names yet, and that gives Google a definite privacy advantage. 

2. It's open source and audited, too

Don't trust Google? Smart move: you shouldn't take any provider at its word. That's why Google has open-sourced its Google One client code, and had the client and other service components independently audited by security consultancy NCC Group.

It's good to see any VPN opening itself up to this kind of scrutiny. And if you're the technical type, go read the report for yourself: it's crammed with low-level detail on what the auditors checked and everything they found.

If you’re not feeling technical, the bottom line is that NCC Group found 24 potential security problems, some of which Google has tried to fix. One example was that the Windows version of Google One had to be run using an Administrator password - this meant the app could make system-wide changes, so is potentially unsafe. Google quickly modified the program so it could be run by a regular user.

While NCC agreed that the separation of authentication and browsing was impressive, they pointed out this wouldn’t do much good if Google themselves decided to break their own privacy policy. Since they manage all the servers, they could easily identify someone and record their activities if, for example, they were subjected to a secret court order.

Of course this is no more true for Google than for many other VPN services, but as the company and their parent company Alphabet are based in California, this is particularly concerning as US law does allow secret subpoenas of this kind. Worse still, Section 8 U.S.C. §2709(c) of the USA Patriot Act would forbid Google from telling the user that their data was no longer safe.

Google could give its users some reassurance by using a warrant canary but so far there’s no evidence they’ll implement this. 

Google One VPN interface in landscape form

(Image credit: Google)

3. It doesn't allow changing your location

One common reason for using a VPN is to change your digital location. If you're in the UK, for instance, connecting to any of the best US VPNs gets you a US IP address and might allow you to unblock local Netflix content.

Google One VPN doesn't support changing countries. It doesn't even have a location list. All you get is an Enable option which connects you to the nearest server in your current country.

That's often all you'll need, and for instance Google One VPN protects you on local Wi-Fi as well as anyone else. But it's not going to help you unblock websites, and as Google needs to work with content providers like Netflix, our guess is it never will.

Of course, this could work to your advantage if you’re travelling outside your home country, as you’ll still appear to be connecting from Google One’s servers. This could mean you can access the same online services as at home. 

4. It only works in supported countries

Google's strict policy on location changing has a side-effect you might not expect: it won't work outside of Google One VPN's supported countries (currently Canada, France, Germany, Italy, Mexico, Spain, the United Kingdom, and the United States.)

Connect to most VPNs when you're in Amsterdam, for instance, and even if the provider doesn't have a server in the Netherlands, it'll route you to the nearest location in another country.

Try to access Google One VPN when you're in Amsterdam, or anywhere else not on Google's supported list, and it’s not clear what will happen. Although Google are quite clear about which countries support Google One, they don’t make it clear how the service functions if you sign up then go travelling, simply saying on their website:

“If you have VPN by Google One turned on and your home country/region is listed above, VPN by Google One still works when you travel internationally to many additional countries/regions.”

It seems then, the only way to be sure exactly which VPN server your device will connect to if you’re outside your home country is simply to try it. You may find it connects to a Google One VPN Server in the nearest available country or it may just not work at all. 

Google One VPN screens showing the Enable button and Connected message

(Image credit: Google)

5. It's (mostly) very easy to use

The VPN is a great addition to Google One, so we weren't surprised to find the 'Enable VPN' button prominently placed at the top of our One app screen.

Tap Enable, then tap the switch and you're generally connected in a few seconds. Don't need it any more? Tap the switch again to disconnect. Setup is very simple via Android’s “Quick Settings”, menu, after which there’s no need to use the dedicated app at all to connect or disconnect. 

We noticed a small potential gotcha in the VPN's error handling. If you try to use it in an unsupported country, or you've got another VPN connected, One won't display any kind of error message: it just won't work. Turn off the other VPN, though, and Google One returns to its smooth-running self.

This is a worry, as most VPN’s worth their salt these days have an optional “kill switch”, which blocks all internet activity if the connection drops for any reason. This is so you don’t use the internet when the VPN service isn’t running, believing you’re connected.

The Android version of Google One’s VPN does have a kill switch but the iOS version doesn’t. This means Apple users will need to manually check the VPN connection has been established each time before using the internet. 

6. It's more powerful than it looks

Google One can't match the likes of ExpressVPN for features. Apart from the lack of a location list, there's no option to automatically connect when you access insecure Wi-Fi. 

There’s also currently no support for different VPN protocols (you must use Google's own custom offering). Google has not shared many details about this but have said they hope to support the IPSec and OpenVPN protocols in future. This would give a better guarantee of privacy, as the source code for these protocols is freely available so can be regularly reviewed for security bugs. 

Google’s VPN software also doesn’t let you change your DNS settings, which could leave you vulnerable to DNS leak. During our tests on a Windows 11 PC located in France, we found that although using the app changed the IP address, the IPLeak website did still display our ISP’s DNS servers. This means that the ISP would still be able to see any DNS requests you make to connect to websites or online services whilst using Google’s VPN. 

The Google One app also offers no bonus extras like blocking of malware and phishing sites, as is sometimes the case with other major VPN providers. 

Split tunneling support is a handy extra which allows some apps to bypass the VPN and use your regular connection. This is useful if you’re using certain services that block or restrict VPN’s like Netflix but still want to protect your privacy when browsing the web, for instance. However there’s also a greater risk of leaking your IP address. 

And if you need to turn the VPN off briefly, no need to disconnect. A Snooze feature disables the VPN for 5 minutes, then automatically turns it back on again, so there's no chance you'll forget. That's a welcome plus, and not a feature we see with most VPNs.

Currently Google One supports running their VPN on up to 6 devices. This is on a par with major VPN providers like NordVPN. 

In terms of speed, in our Google One review, we tested the tool’s performance by installing the Android app on a Samsung Galaxy Tab A7, then connecting to the VPN service using a Three UK 5G router.

With the VPN turned off, the Three 5G router achieved average speeds of 250-260Mbps. Activating Google One VPN reduced speeds, but only minimally, to 200-225Mbps.

We also installed and ran ‘client’ apps from ExpressVPN, Surfshark, IPVanish and Mullvad on the same setup. They all averaged speeds of around 125-150Mbps, significantly slower than Google One VPN.

These speed tests were all done on one day on the same devices but there are a number of factors that can affect internet speeds, especially when using wireless. As you can’t select a specific server with Google One, it’s also difficult to compare connection speeds with VPN servers that do allow you to do this. 

Still, it’s fair to say that using Google’s VPN doesn’t slow down the internet connection speed significantly. 

The Google One app in the Play Store

(Image credit: Google)

7. It's decent value and easy to try

Google's VPN is included with the 2TB and higher Google One subscriptions, priced from $9.99 a month.

That's good value, especially for monthly billing. Most monthly billed VPN plans cost from $10 and up (although you can often get huge discounts if you sign up for longer e.g. 24 months in advance).

Plus, of course, most regular VPN plans don't get you 2TB of storage or more, shareable with up to 5 family members, and 10% Store credit on Google Store purchases.

In December 2022, Google also announced that its VPN service would be made available at no extra cost to owners of their Pixel 7 and Pixel 7 Pro flagship mobile devices.

Google's VPN can't compete with the power and lengthy feature lists of providers like NordVPN or Surfshark, and probably never will. It handles simple tasks very well, though, and if you need a little extra Android protection (and can use the storage space) it's well worth a try.

If you’re interested in trying Google One’s VPN service, the developers are issuing invitations to certain Google account holders to try it out on a trial basis. 

Whatever option you choose, you’ll need to have a Google account or be prepared to create one in order to use the service. You don’t, however, have to use a GMail address or Google Apps in order to access the VPN service.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.

With contributions from