Security
Free VPNs: Should You Be Using Them?
Paid VPNs more than justify their cost simply because of how effective and — most importantly — secure they are, especially compared to their free counterparts.
“If something’s free, you are the product.”
Corporations aren’t charities. When they offer you a free service, there’s almost always a catch. This catch usually manifests in the form of data mining, where your online activity is not only tracked but also sold to ad agencies for targeted advertising. They’ve got to make money somehow, right? This isn’t a secret, either. Most people are fully aware that they are being tracked to some extent. That’s the price of free software, after all.
Where this becomes especially concerning is when software whose express purpose is to avoid tracking itself tracks your activity. And that’s one of the many issues with using free VPNs.
Paid Is Always Better, Right?
While there is no denying that free VPNs are certainly functional, it’s always better to stick with a reputable, well-known, and paid VPN service, especially if you value your privacy. However, it’s also important to remember that just because a particular piece of software is paid doesn’t necessarily mean that it’s better or even effective on a fundamental level. We can’t stress this point enough: Do your research — read plenty of reviews and use free trials whenever possible to test these services out for yourself.
The Freemium Problem
Free VPNs are plagued by the same problems as most free apps: advertisements, paywalls, and privacy concerns. Most “free” VPNs aren’t completely free, either, usually following a freemium model where the base package features reduced performance and speed, inadequate privacy protections, and a severely limited ability to bypass content restrictions. You’re expected to pay for a subscription to unlock higher performance. At that point, if you are considering paying, why not just opt for a more well-known paid VPN service with a proven track record?
Free Doesn’t Mean Risk-Free
Running a reliable VPN service demands a significant investment of resources. It involves setting up a large global network of VPN servers to ensure seamless service delivery, regardless of the location of the user. These servers must be equipped to handle heavy traffic loads and comply with strict privacy standards while also being able to bypass content restrictions, as several content providers and websites actively detect and block VPN usage.
Free VPNs, lacking a steady revenue stream, often don’t have the resources to maintain and upgrade a vast server network. This results in a subpar user experience — slower speeds, inconsistent connections, and, more concerningly, weaker security. Even worse, free VPN services have been caught leaking private user data. Such service providers may also resort to tracking and selling your data to third-party ad agencies, which defeats the entire purpose of using a VPN in the first place. As we’ve already mentioned, they’ve got to make money somehow, right? So, with these risks in mind, it’s worth asking: Are free VPNs really worth it?
Do Your Due Diligence
As with any software, especially one involving sensitive data like a VPN service, it’s important to do your due diligence before choosing an option. Don’t just install the first free service you find on the app store. Despite the many issues with free VPNs, there are still a few decent options out there (such as ProtonVPN, which has a relatively effective and feature-rich free tier), and it’s only when you do your homework that you’ll come across such services. But the point still stands: Paid VPN services are always an improvement over their free counterparts in terms of speed, security, and effectiveness, and we’ll always recommend going paid.
Be Cautious Of Malicious Apps Even On Trusted App Stores
Most people trust official app stores like Google Play and the App Store for safety — but even these trusted platforms can host malicious apps. Learn why caution is still essential when downloading mobile software.
Most mobile users know to stick to official app stores to download software — and for good reason. Even though legitimate third-party stores exist, the average user can find everything they need on a first-party platform like the Google Play Store or Apple’s App Store. And while Android — unlike Apple — does allow sideloading (downloading installation packages directly off the web) even for regular users, this is usually practiced by people who know what they’re doing and are familiar with the risks.
When publishing an app on the Play Store or App Store, a developer has to pass a robust set of vetting processes, both for themselves and their applications. This vetting process involves both automated and manual testing, making these platforms far safer than third-party app stores and other means of installing software. That being said, users are advised not to blindly trust even these first-party platforms, as there have been several cases where malicious apps slipped through the cracks in the vetting process. And while both Google and Apple are quick to respond when they detect malicious apps on their stores, the very fact that these malicious apps make it onto these platforms is proof that even their strict vetting processes are not foolproof.
How Do These Apps Make It Onto These Platforms?
No verification system is ever completely airtight, especially when you’re dealing with something as complex as app store vetting. For a malicious actor who knows what they’re doing, slipping past automated checks isn’t particularly difficult. In a lot of cases, it boils down to satisfying a specific list of requirements.
The harder part is clearing a manual review, since that involves human judgment. But even that isn’t impossible. A common tactic is to first publish a legitimate, fully functional app for the specific purpose of passing inspection. Once it’s live and has built some credibility, the app quietly receives an update containing malicious code. This is known as versioning. In other cases, the initial version remains harmless but downloads and executes malicious payloads after installation, either after a specific amount of time or once certain conditions (like account creation or granting certain permissions) are met. That’s what happened with the Anatsa trojan — a campaign that used innocent-looking document viewer apps to deliver banking malware. Once installed, these apps fetched encrypted malicious code from remote servers, giving attackers access to users’ financial data and even access to their accounts.
It also doesn’t help that human reviewers are under constant pressure. With thousands of apps being submitted daily, there’s only so much attention they can give to each one. And then there’s also the fact that verified developer accounts can be hijacked or sold, allowing attackers to publish apps under legitimate names. Not to mention the cases where malicious software that mimics legitimate and trusted apps also ends up being published on these stores. Between automated systems, human fatigue, and social engineering, the cracks in the process are wide enough for malicious apps to slip through.
Knowledge Really Is Power
Just because an application has made it to a first-party app store doesn’t automatically make it a legitimate or safe-to-use app. As we’ve already discussed, as rigorous as the vetting process is, it’s still possible for malicious apps to end up being published on these platforms. As with any cyberthreat, awareness and good judgment are your strongest defenses. Sticking to well-known apps and developers, keeping your software up to date, and reading reviews (not just on the store) are actions you can take to ensure you don’t end up falling victim to a trojan application that has snuck its way onto the Play Store or App Store.
