How dangerous are VPN apps?

Google wants to include new bans for VPN apps in the Play Store guidelines starting in November. Find out here what this means and how these apps can be dangerous in terms of data protection.

What does Google want to ban?

Effective this November, Google will amend the guidelines for the Play Store. The changes will mainly affect apps that advertise to protect user privacy.

Specifically, this concerns apps that offer a VPN service as a core function. They advertise that they protect the user's privacy from the outside world by setting up a VPN tunnel. However, some providers may act fraudulently by financing themselves through targeted advertising or even selling the users' data to third parties.

Google wants to ban such practices in the future. So Google will ban VPN apps that manipulate ads "that can affect app monetization." In addition, the apps offered in the Play Store will no longer be allowed to manipulate or redirect the network traffic of other apps on the device for monetization purposes.

What are the exceptions?

Of course, Google does not want to ban all such services in its Play Store. Network apps for implementing remote access, security apps that are intended for firewalls or mobile device management, or apps from providers will still be offered.

This means that classic VPN apps, which are often used in companies, are not covered by the ban.

How useful are VPN apps for data protection anyway?

Golem already stated at the beginning of 2019: "Most users do not need a VPN". Increasingly, however, such apps are also being promoted from the perspective of data protection and data security.

Such a VPN service only encrypts the data between the user and the provider's server. Between the VPN server and the destination, however, the data is unprotected. The potential point of attack is therefore merely shifted by the service.

Thus, Golem also ultimately states: "VPNs are of little use when it comes to security, and when it comes to data protection, the benefit is at least questionable." Many of the apps offered do not even encrypt their data traffic, do not route the IPv6 connection over the VPN, or do not send DNS requests over the VPN. Thus, the VPN services themselves can become a security risk.

VPN services for private individuals thus only make sense for niche applications. However, the risks mentioned remain even there.

You need competent advice on data protection in data security for your company? We will be happy to assist you! With our team of experts you can here get in contact.