One in five free apps from the top 150 free VPN Android apps in Google’s Play Store was flagged as a potential source of malware when tested using VirusTotal. 25% of the apps were affected by a DNS leak security issue. A quarter of them come with user privacy breaking bugs such as DNS leaks which expose user DNS queries to their ISPs. Over half (57% ) featured code to get a user s last known location. The research team found the following intrusive permissions and user privacy-breaking code:. Use of camera and microphone and the ability to secretly send SMS.
Source: https://www.bleepingcomputer.com/news/security/malware-user-privacy-failures-found-in-top-free-vpn-android-apps/