Investigators Reveal Link of 18 Widely-Used VPNs: Importance Unveiled

In a recent peer-reviewed study by the Privacy Enhancing Technologies Symposium, researchers from PETS discovered concerning security issues in the most downloaded VPNs on Android. The study found overlaps among business paperwork, web presence, and codebase, grouping these VPNs into three families of companies.

The 18 VPNs in question, which have shared infrastructures with serious security flaws, are among the top 100 most popular, with over 700 million downloads. Some of the vulnerable VPNs include Turbo VPN, VPN Proxy Master, and Super Z VPN.

The study suggests that customers using these VPNs may have their browsing activity exposed and their systems left vulnerable to corrupted data. It is crucial for users to be aware of these risks and consider taking action to protect their online security.

If a reader does not currently use a VPN, the article suggests that they might want to start using one. However, it is essential to be cautious when choosing a VPN, especially if it is a free option listed as a top choice in an app store.

When selecting a VPN, it is crucial to understand what data the provider shares with its parent company and affiliated entities. Checking the privacy policy for terms like 'logging,' 'data sharing,' or 'data collection' is recommended. Reading detailed, unbiased reviews from reputable sources is also advised.

It can be challenging to determine who controls a VPN, but customers can take measures to ensure its reputation. A Google search of the provider can help determine if the VPN has been involved in questionable activity. Tomaschek, the senior writer at the website, advises knowing the parent company of a VPN.

For those using one of the 18 VPNs, Tomaschek recommends deleting it from their device immediately and considering services like dark web monitoring or identity theft protection if sensitive personal data may have been compromised.

The three companies behind the VPN providers from groups A, B, and C that researchers discovered to have security-relevant vulnerabilities are Ivanti (Ivanti Connect Secure VPN), Citrix (Citrix NetScaler ADC/Gateway), and SonicWall (SSL-VPN Firewalls). These companies’ VPN products were found to have serious security weaknesses exploited by attackers in 2025.

Family A of the vulnerable VPNs is shared between three providers linked to Qihoo 360, a firm identified by the US Department of Defense as a Chinese military company. The researchers did not specify the security flaws of the VPNs in Family C.

It is important to note that none of the VPNs recommended by this website (ExpressVPN, NordVPN, Surfshark, Proton VPN, and Mullvad) are on the list of vulnerable VPNs.

In conclusion, the study highlights the importance of choosing a reliable VPN and being aware of potential security risks associated with popular VPNs on Android. By taking precautions and making informed decisions, users can help protect their online security and privacy.