Cybernews researchers recently discovered that a free Chinese VPN app called Airplane Accelerates has been leaking user data. The researchers found that the app leaked an incredible amount of personal user information — over 5.7 billion data entries.
Besides the fact that any data breach has the potential to be devastating for its victims, this breach can be dangerous, as many Chinese citizens use VPN apps to get around the Great Firewall. If Chinese authorities come into possession of this information, it could be de-anonymized and used to pursue citizens.
Chinese Citizens May Pay Dearly for Using Free VPNs
Among the types of data the Airplane Accelerates app leaked, are users’ IP addresses, IDs, the domain names of the websites they visited, and their app usage timestamps. The researchers found Airplane Accelerates is owned by AP Network PTY Ltd, a company based in Australia.
Cybernews reached out to the company when it discovered the breach, but a month later, the company has yet to respond. In an effort to protect users, the researchers decided to publish their findings so the app’s users can make informed decisions.
Even more worrying, researchers also found that the Android app can be used as spyware and has remote execution functionality. They found a high volume of permission requests that include access to the device’s audio recorder, camera, and external storage. The app even requests to modify contacts and install new software.
No VPN app has a legitimate reason for requesting any of these device permissions. This behavior is very similar to what malware apps do to steal user data and install viruses.
“While antivirus apps do not detect this app as malicious, our analysis of it raises some significant red flags,” said Aras Nazarovas, the Cybernews researcher who led the investigation.
Free VPNs Have a History of Data Leaks
It’s unclear how many Chinese citizens use the Airplane Accelerates app as it’s available on all major devices, but based on app reviews its, user base ranges in the thousands. Many more people across China and around the world use other free VPN apps to hide their real IP addresses, privatize their internet activity, and access restricted websites.
Yet free VPNs are historically unsafe — with multiple leaks, breaches, and shady practices plaguing the freeware market. In 2021, researchers caught Quickfox exposing the unencrypted personally identifiable information (PII) of about a million users. In 2022, researchers found that Bean VPN was also leaking the PII of millions of users. In the same year, cybercriminals also leaked the user data of 3 free VPNs on Telegram.
According to an investigation by Top10VPN, 75% of all the free VPN apps on app stores are potentially unsafe.
The Price of Free VPNs is Steep
The only positive point to free VPNs is that they’re free. On every other level, free VPNs are frustrating to use and compromise your online security. Free VPNs have been found to:
- Collect, store, and sell user data
- Be malware in disguise
- Not hide their users’ identities or browsing activity
- Have slow speeds and limited server networks
- Be owned by questionable companies
- Have insufficient customer support
- Not provide reliable access to content (due to being regularly blocked by platforms)
None of the above is surprising, either, as free VPNs are usually underfunded and have to resort to underhanded tactics to make money. As the old adage goes: When something is free, you are the product.
CyberGhost VPN doesn’t offer a free version anymore, but you can still try CyberGhost VPN for free with our 45-day money-back guarantee. Your digital data may seem insignificant at face value, but companies, cybercriminals, and governments can use this against you in a number of ways. When your digital data is at stake, it’s important to know how to pick a VPN that’s safe.