Stories about China and the VPN market usually focus on the use of these virtual private networks to access news sites and social media when caught behind the country’s infamous “Great Firewall.” But now there’s a twist, with new research finding that “the top 10 Google Play search results for ‘vpn’ are dominated by [Chinese] apps participating in potentially fraudulent manipulation practices.” And those apps have secured more than 280 million installs between them.
VPNs redirect internet traffic through remote servers, hiding user locations and IP addresses, encrypting information sent and received. And so this new research from the team at VPNPro is worrying on two counts. First, Google’s system appears to be easily gamed. There are no sophisticated tactics at work here—the researchers claim that basic ruses make all the difference. And, second, users might inadvertently install VPNs they believe to be popular and safe, when in fact if data is logged, if that data can be linked to the individual using the app, then the purpose of the VPN is undermined.
In short, the team claims to have “uncovered what appears to be a large scale operation by Chinese VPN service providers to manipulate Google Play store results—leading to millions of people using potentially unsafe VPNs.” The team has concluded that the blatant manipulation of Google Play together with the “obligation” Chinese tech companies have “to hand data to the government when requested, “could indicate a much more serious issue beyond algorithm manipulation.”
The VPNPro team found that “seven out of the top ten apps,” found to be manipulating the Google Play system, “are either based in Hong Kong, have Chinese directors, or are located in China.”
Commenting on the research, VPNPro security researcher Jan Youngren warned that “at best we’ve uncovered companies using underhand, unethical tactics to mislead consumers and make millions. At worst, there’s a much more sinister strategy at play to monitor and obtain the data of millions of people who have cause to use a VPN to stay safe and private—Often these people live in countries where it is dangerous to publicly express their views, or work in fields such as investigative journalism and human rights… an unsafe VPN can be a matter of life or death.”
Based on extensive analysis carried out by the team earlier this year, the Google Play ranking algorithm “allows black hat tactics to improve rankings for such a popular keyword [as ‘vpn’], Google has previously vowed to clamp down on app manipulation tactics, but this research shows that it still has a long way to go.” Although “rankings in Google Play are very volatile,” a VPNPro researcher explained, “we haven’t noted any big changes to the rankings which would indicate the algorithm has changed.”