Free is nice -- until it's not. In a study of over 800 no-cost virtual private networks, a cybersecurity team found that nearly two-thirds relied on vulnerable coding and put consumers' data and privacy at risk. The investigation by Zimperium zLabs, a mobile security company, looked at VPNs for both Android and iOS, and found that hundreds offered no real privacy, required risky permissions, leaked personal data and used outdated and vulnerable code.
Don't miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
Zimperium zLabs said these issues are very problematic for companies with bring-your-own-device policies.
"These mobile VPN apps, even popular ones, can become the weakest link in an organization's security posture, exposing sensitive business data to unnecessary risk," the report said.
Read more: How Do You Sell People on VPNs? Just Say 'VPN' Over and Over and Over Again
What's a VPN?
In theory, a VPN -- short for virtual private network -- is software that encrypts the data transmitted over your computer's network connection. Your internet traffic is routed through a protected server in a remote location before it's sent to the website or app you're attempting to access.
This encryption prevents your ISP from knowing the websites and apps you're using, and websites and apps can't tell who your ISP is, improving your online privacy. It's also a way of hiding your physical location, which many internet users take advantage of to access services that aren't otherwise available in their country or state.
Read more: The Best VPNs of 2025 | 6 Reasons to Use a VPN
Phishing attacks and screenshot captures
... continue reading