Jump to content
Not connected, Your IP: 18.224.38.170
OpenSourcerer

FYI: Official NordVPN Android app transmits personal data to third parties

Recommended Posts

A german IT security blogger recently discovered that NordVPN's official android app transmits personally identifiable information to NordVPN and a few third parties.

 

The checked version of their app is v3.9.8 which seems a few versions behind the current branch but still fairly recent.

The blogger discovered that a user's Google mail address along with the advertising ID and a bit of other info are sent to Iterable, AppsFlyer and Tune along with some Google services like Analytics - all seemingly without the user's consent and even without mentioning it in the app's ToS.

 

Of course customer support has been asked as well. Their answer was not satisfactory:

 

Hello there! We use these tools to monitor aggregated data to improve UI/UX and determine the efficiency of our marketing campaigns. They are not related to the user’s activity when using our VPN service. In case you have further questions, do not hesitate to drop us a DM!

 

Everyone interested in some of the HTTP POSTs discovered can look at them in the article linked above. The article itself is German-language, but it doesn't contain more info than this, only a bit of the writer's opinion which I share: It's very questionable that a "no-log" or even "privacy-centered" VPN provider like NordVPN is bold enough to state "marketing reasons" as their justification to track users of their Android app. Even worse that this tracking is performed by third parties who will most likely use this data in cross-referencing...

 

Try to avoid NordVPN. Searching for "NordVPN" in this forum alone will yield more than enough reason. One in three newly created threads is about them.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hello!

 

That's certainly interesting. Thank you for taking the time to post it here and making it available in English .

 

I completely agree that the choice of justification is very poor in this regard.

 

Moved topic to the proper forum.


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Share this post


Link to post

Hello,

 

we wish and we need to distance ourselves from such a behavior which can even imply a criminal infringement in the EU.

 

Events like the one discovered by Mike Kuketz may cast a general climate of distrust in a delicate sector which needs first and foremost customers' confidence.

 

Nowadays VPN "market" is polluted by shady services. Sometimes you can't even know the owners or the running company behind a service.  We are confident that fiscal, legal and technical transparency of AirVPN, as well as high standards both on consumers' protection and privacy fields since the end of 2010, will allow our customers and  non-customers to discern honest professionals from anybody and anything else.

 

We have always and only released free and open source software for public scrutiny and we have always supported a variety of privacy enhancing services in fundamental ways. For example, today we contribute to run about 7% of all the existing Tor exit nodes in the world. https://airvpn.org/mission

 

Kind regards

AirVPN Staff

Share this post


Link to post

Hello,

 

it might be interesting for you that Mr. Kuketz had a look at some other Android Apps from some VPN services. He found some trackers there, too, In one case (Avast SecureLine VPN) he says he found 14 trackers:

 

 

  • AppsFlyer

  • Facebook Ads

  • Facebook Analytics

  • Facebook Login

  • Facebook Places

  • Facebook Share

  • Google Ads

  • Google Analytics

  • Google CrashLytics

  • Google DoubleClick

  • Google Firebase Analytics

  • Inmobi

  • Moat

  • Twitter MoPub

 

Immediately after the start, Avast SeureLine vPN's app is contacting Facebook, according to Mr. Kuketz, and is sending some information including a Google advertising ID, the type of the device and the display resolution among other information.

 

At least, Avast mentions all the third parties contactd by the app in its Privacy Policy. However, according to Mr. Kuketz, this was not true in many other cases: He said there were no hints that the app would send some information to multiple third parties.

 

In some cases, Kuketz said he could not find out which pieces of information were sent, because they were encrypted.

 

Below are the relevant links. (Regrettably, it seems that Mr. Kuketz’ findings have only been published in German so far, but you may get an impression with the help of a good translation program).

 

https://www.kuketz-blog.de/cyberghost-vpn-android-app-verseucht-mit-trackern/

 

https://www.kuketz-blog.de/vyprvpn-no-logging-versprechen-wertlos/

 

https://www.kuketz-blog.de/avast-secureline-vpn-14-tracker-in-einer-app/

 

https://www.kuketz-blog.de/avg-secure-vpn-weitere-vpn-app-mit-haufenweise-trackern/

 

 

This state of affairs is really disquieting.

Share this post


Link to post

It would be more interesting to have insights into the apps of all the providers who regularly place themselves on the no-log VPN provider list of TorrentFreak for example. I only recognize VyprVPN, the rest are more or less known for it.

 

Nevertheless, it seems we've found a silver mine of information on it. Let's see what he digs up next and consider donating a small amount of money for his work.

 

Sent via Tapatalk.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...