Jump to content


Photo
- - - - -

FYI: Official NordVPN Android app transmits personal data to third parties

NordVPN Android app privacy data

  • Please log in to reply
4 replies to this topic

#1 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 24 January 2019 - 10:50 PM

A german IT security blogger recently discovered that NordVPN's official android app transmits personally identifiable information to NordVPN and a few third parties.

 

The checked version of their app is v3.9.8 which seems a few versions behind the current branch but still fairly recent.

The blogger discovered that a user's Google mail address along with the advertising ID and a bit of other info are sent to Iterable, AppsFlyer and Tune along with some Google services like Analytics - all seemingly without the user's consent and even without mentioning it in the app's ToS.

 

Of course customer support has been asked as well. Their answer was not satisfactory:

 

Hello there! We use these tools to monitor aggregated data to improve UI/UX and determine the efficiency of our marketing campaigns. They are not related to the user’s activity when using our VPN service. In case you have further questions, do not hesitate to drop us a DM!

 

Everyone interested in some of the HTTP POSTs discovered can look at them in the article linked above. The article itself is German-language, but it doesn't contain more info than this, only a bit of the writer's opinion which I share: It's very questionable that a "no-log" or even "privacy-centered" VPN provider like NordVPN is bold enough to state "marketing reasons" as their justification to track users of their Android app. Even worse that this tracking is performed by third parties who will most likely use this data in cross-referencing...

 

Try to avoid NordVPN. Searching for "NordVPN" in this forum alone will yield more than enough reason. One in three newly created threads is about them. :)


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#2 LZ1

LZ1

    It's nice to be nice to nice people

  • Moderators
  • 1955 posts

Posted 25 January 2019 - 01:31 AM

Hello!

 

That's certainly interesting. Thank you for taking the time to post it here and making it available in English :).

 

I completely agree that the choice of justification is very poor in this regard.

 

Moved topic to the proper forum.


Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. Its Guides Section has guides on Linux/Torrenting/Blocked sites & many other topics too.
Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please read the First Questions section in the link above for more details, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Tired of Windows? Why Linux Is Better.

#3 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7801 posts

Posted 25 January 2019 - 05:47 PM

Hello,

 

we wish and we need to distance ourselves from such a behavior which can even imply a criminal infringement in the EU.

 

Events like the one discovered by Mike Kuketz may cast a general climate of distrust in a delicate sector which needs first and foremost customers' confidence.

 

Nowadays VPN "market" is polluted by shady services. Sometimes you can't even know the owners or the running company behind a service.  We are confident that fiscal, legal and technical transparency of AirVPN, as well as high standards both on consumers' protection and privacy fields since the end of 2010, will allow our customers and  non-customers to discern honest professionals from anybody and anything else.

 

We have always and only released free and open source software for public scrutiny and we have always supported a variety of privacy enhancing services in fundamental ways. For example, today we contribute to run about 7% of all the existing Tor exit nodes in the world. https://airvpn.org/mission

 

Kind regards

AirVPN Staff



#4 JSD

JSD

    Advanced Member

  • Members2
  • PipPipPip
  • 32 posts

Posted 03 February 2019 - 10:41 PM

Hello,

 

it might be interesting for you that Mr. Kuketz had a look at some other Android Apps from some VPN services. He found some trackers there, too, In one case (Avast SecureLine VPN) he says he found 14 trackers:

 

  • AppsFlyer

  • Facebook Ads

  • Facebook Analytics

  • Facebook Login

  • Facebook Places

  • Facebook Share

  • Google Ads

  • Google Analytics

  • Google CrashLytics

  • Google DoubleClick

  • Google Firebase Analytics

  • Inmobi

  • Moat

  • Twitter MoPub

 

Immediately after the start, Avast SeureLine vPN's app is contacting Facebook, according to Mr. Kuketz, and is sending some information including a Google advertising ID, the type of the device and the display resolution among other information.

 

At least, Avast mentions all the third parties contactd by the app in its Privacy Policy. However, according to Mr. Kuketz, this was not true in many other cases: He said there were no hints that the app would send some information to multiple third parties.

 

In some cases, Kuketz said he could not find out which pieces of information were sent, because they were encrypted.

 

Below are the relevant links. (Regrettably, it seems that Mr. Kuketz’ findings have only been published in German so far, but you may get an impression with the help of a good translation program).

 

https://www.kuketz-blog.de/cyberghost-vpn-android-app-verseucht-mit-trackern/

 

https://www.kuketz-blog.de/vyprvpn-no-logging-versprechen-wertlos/

 

https://www.kuketz-blog.de/avast-secureline-vpn-14-tracker-in-einer-app/

 

https://www.kuketz-blog.de/avg-secure-vpn-weitere-vpn-app-mit-haufenweise-trackern/

 

 

This state of affairs is really disquieting. :no:



#5 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 03 February 2019 - 11:11 PM

It would be more interesting to have insights into the apps of all the providers who regularly place themselves on the no-log VPN provider list of TorrentFreak for example. I only recognize VyprVPN, the rest are more or less known for it.

Nevertheless, it seems we've found a silver mine of information on it. Let's see what he digs up next and consider donating a small amount of money for his work.

Sent via Tapatalk.

Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)






Also tagged with one or more of these keywords: NordVPN, Android, app, privacy, data

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Servers online. Online Sessions: 13671 - BW: 51879 Mbit/sYour IP: 34.229.175.129Guest Access.