Tera Team March 05, 2018

Beware the In-App VPN

Virtual Private Networks (VPNs) are being used more and more. But beware the in-app option: you may be signing up for more than you think.




A Virtual Private Network (VPN) allows the user to access another network over the internet securely, without detection or censorship. Here at Terabyte, we use a VPN to access our local network remotely. When you use a VPN, any websites you visit are accessed via an encrypted VPN connection. Your geographical location is rendered irrelevant, so you can access content regardless of where you are. Think of a tunnel providing a direct link between you and the internet, without the risk of anyone looking at your traffic whilst you use a public WiFi connection.


Sounds Great! What’s the Problem?

Like everything on the digital front, things are changing. Until recently, VPNs were mainly used by corporations to securely connect their users with their networks. However, the personal use of VPNs is growing. Along with this, “In-App” VPNs are becoming more prevalent. Here, the VPN is downloaded within the app, ostensibly for security purposes; however, the download also enables the collection of data. In the US, Facebook is offering a “Protect” option, where the user downloads the Onavo VPN app within Facebook. This then collects metadata, IP addressing information, DNS queries and contacts. Instead of tracking just what you do on Facebook, all of your internet traffic is routed and decrypted through Facebook’s servers. And, if the app you’re using doesn’t encrypt its traffic separately from Onavo, they can see what you do in that app.

According to our friends at Mobile Mentor, along with encryption, key management and certificate trust chains on a device and data in the keychain, some VPN apps can also activate the camera, microphone and geolocation.

In a nutshell, using an in-app VPN amounts to handing over all your data – not just the activity that you undertake on that particular app, but what you do on that device as a whole – to the provider. On the face of it a way of improving services, the in-app VPN is thinly disguised spyware.

So, What Should We Do?

VPNs definitely have a place, and remain the best option for organisations wishing to allow their users secure access to their networks over a geographical distance. However, the merit of using free, “in-app” VPNs is debatable. After all, if the motivation for using a VPN is security, then sharing all of your activity and data as a result of downloading the software is a little counter-productive. When browsing on public WiFi networks, the use of https:// sites (indicating an SSL certificate has been put in place) should prevent snoopers from getting hold of your data. Most browsers will now show security warnings if the site is non-https.

Our advice: be super wary when apps push VPNs at you, and get in touch with us to arm yourself with the knowledge and awareness to protect your data.

Need more information? Contact us – we promise not to share your data with anyone.