"Scammers scamming other scammers" – This free Android VPN was caught using Windscribe-stolen servers

News
By published

Windscribe suggests this incident signals wider issues with Google Play

A mobile phone with a generic VPN screen and a world map of the server network in the background.
Image Credit: Flickr (Image credit: Getty Images / NurPhoto)
  • A free Android VPN app with 1M+ downloads was caught hosting its service on Windscribe-stolen VPN servers
  • JetVPN allegedly began using Private Internet Access (PIA) servers after Windscribe blocked its access
  • According to Windscribe, this incident is a symptom of wider issues with Google Play

A free VPN, ranking among the most downloaded free apps in the Google Play Store with 1M+ downloads, was caught seemingly stealing from Windscribe.

Rated as one of the best VPN providers on the market by TechRadar's reviewers, Windscribe first realized that JetVPN – a new name in the industry – was using Windscribe-owned servers to host its VPN service at the end of July.

After blocking it, JetVPN allegedly turned to Private Internet Access (PIA) servers to keep hosting its service.

A JetVPN spokesperson told TechRadar that the team was completely unaware of the situation until Windscribe reached out. A third-party firm offering a "white-label VPN" solution allegedly provided JetVPN with Windscribe and PIA servers without the company knowing.

"This whole thing is basically scammers scamming other scammers," commented Windscribe's CEO, Yegor Sak, adding that, "it is not the first time this happened," suggesting this signals a wider problem with how Google deals with quality control on new applications.

Stolen VPN servers – how did it happen?

Windscribe and PIA are among a handful of VPN providers offering unlimited device connections. This means that once you subscribe to one of these services, you can use your VPN app on all of your devices simultaneously.

While everyday users may take advantage of this policy to protect their families and friends by paying only for one subscription, malicious developers can also abuse it to host their own virtual private network (VPN) software at no cost.

"How they do it is very simple: they buy a bunch of Windscribe accounts, and then mass-share them using their own app by distributing OpenVPN credentials," Sak told TechRadar.

Nothing to worry about if you have a Windscribe or PIA account, though. As Sak explains: "This does not affect any other Windscribe users, since they're just abusing their own accounts, which they paid for."

A "Top 5" VPN was Stealing From Us - YouTube A
Watch On

PIA also confirmed to TechRadar that the team was aware that a third party took advantage of its unlimited device offering.

"In line with our Terms of Service, we closed the offending accounts promptly," a PIA spokesperson told us.

When approached by TechRadar, JetVPN said the team promptly stopped using Windscribe and PIA servers as soon as the provider got in touch, removed them from its application, and moved to an infrastructure fully under the company's control.

"We want to emphasize that JetVPN never engaged in any intentional or unauthorized use of their infrastructure – the overlap came solely from the same third-party provider," said a JetVPN spokesperson.

A Google Play issue?

Screenshot of JetVPN's Google Play Store page taken from the Web.Archive website on August 21, 2025.

(Image credit: Google Play)

At the time of writing, JetVPN is unavailable on the Google Play Store. Until Friday, August 15, 2025, it was and amassed a 5-star rating within a couple of months. The VPN was never available for download on the Apple App Store.

Asked about this, JetVPN told TechRadar that the removal isn't directly related to this matter.

"We are currently in the process of updating and improving our service, and we look forward to making it available again in due course," said a JetVPN spokesperson, adding that it was the company's decision to launch the app solely on Android at first.

That said, the JetVPN saga is only the latest of such incidents, where unverified VPN apps managed to get into the top ranks on Google Play.

Google even launched a "Verified" badge last February to help users download only secure and trustworthy services. Yet this popular free Google Chrome VPN extension has recently been found to spy on its 100k users, despite having obtained such a security badge.

All in all, Sak told TechRadar: "Google has a serious problem on their hands with quality control, as well as obvious use of bots to mass-install and mass-review shady apps to get them into the top 10 lists. This is quite obvious, since this app [JetVPN] has a 5.0 rating, with 5k+ votes and zero written reviews."

As a rule of thumb, you should always avoid downloading unsecured freebies if you care about your privacy and security. If you're looking for a trustworthy application, we recommend checking our best free VPN guide – Privado VPN, Proton VPN, and Windscribe Free are today's top picks.

You might also like

Chiara Castro
Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.