Independent auditors have confirmed that one of the best VPN apps on the market protects your data with "a high-security level."

Mullvad VPN put its security infrastructure under scrutiny for the fourth time between October 23 and November 28, 2024. Experts from X41 D-Sec performed penetration tests and source code audits across all VPN apps for 30 days, finding only non-critical issues.

The VPN provider stated that it has now addressed these flaws "to the extent possible."

Mullvad's 4th security audit

"Overall, the Mullvad VPN Applications appear to have a high-security level and are well positioned to protect from the threat model proposed in this report," concludes the audit.

As mentioned earlier, experts conducted a white box penetration test and source code audit to investigate if attackers could compromise users' real identity or monitor their activities.

"The use of safe coding and design patterns in combination with regular audits and penetration tests led to a very hardened environment," noted experts.

Auditors found a total of six vulnerabilities, though none of them were critical. Three smaller issues "without a direct security impact" were also identified. You can find all the technical details in the full report.

Commenting on the results, the provider said: "Mullvad is very happy with the quality of the audit performed by X41 D-Sec. X41 managed to find issues in our code that previous audits missed, which shows that there is great benefit in having audits performed by different companies."

This is, in fact, the fourth independent security audit Mullvad has undergone every two years since 2018.

Mullvad implemented fixes for four of the issues found during the audit. The team released a new app version on the affected platforms (desktop, Android, and Linux VPN) immediately after receiving the audit report.

Auditors also confirm the provider addressed all the issues "swiftly and the fixes were audited to be working properly."

The latest results corroborate Mullvad as one of the most secure VPN providers on the market right now. Besides bullet-proof security infrastructure, the service offers a strict no-log policy (which an inconclusive police raid proved in real life), a built-in tracker blocker, and strong encryption protocols.

In October, Mullvad even beefed up its defense against AI surveillance and censorship thanks to some advanced security features. These include extended support for VPN obfuscation technology for the WireGuard protocol and the innovative DAITA system which aims to mitigate AI-powered tracking by modifying the appearance of data packets sent over the VPN network.