Zimperium has released new research from its zLabs team revealing alarming weaknesses in mobile Virtual Private Network (VPN) applications.
While VPNs are marketed as essential privacy tools, Zimperium’s analysis of 800 free Android and iOS apps shows that many actually put users, and the enterprises they work for, at greater risk.
Among the findings:
Ignacio Montamat, VP of Security Research, Zimperium said: “These apps promise protection but instead create new pathways for surveillance, data theft and exploitation.
“For enterprises with BYOD programs, an insecure VPN isn’t just a consumer problem, it’s an organisational threat that can undermine corporate security at its core.”
Zimperium’s findings reportedly reveal widespread discrepancies between VPN developers’ data practices and their declared privacy policies, with many apps failing to disclose sensitive data collection or misrepresenting their use of system APIs.
This lack of transparency, according to the company, leaves end users and IT teams unable to make informed decisions about which apps are safe to trust.
Zimperium recommends that enterprises and security leaders take a hard look at the mobile apps allowed in BYOD environments.
With VPNs often treated as ‘trusted’ by default, this research is said to highlight the need for stronger vetting and ongoing monitoring.
Visibility into hidden risks, from outdated libraries and weak encryption to misleading privacy policies and excessive permissions, is critical to protecting sensitive enterprise data and ensuring trust in mobile defences.