Particle.news

Researchers Expose Covertly Linked Android VPN Families With Flaws That Risk Traffic Decryption

New analyses show hard‑coded Shadowsocks credentials could let eavesdroppers read user traffic.

Citizen Lab Reports Hidden VPN Networks Sharing Ownership and Security Flaws

Overview

  • Citizen Lab and Arizona State University mapped three provider families on Google Play that appear separate yet share code, infrastructure and security weaknesses, reaching a combined 700 million‑plus downloads.
  • Eight apps — Turbo VPN, Turbo VPN Lite, VPN Monster, VPN Proxy Master, VPN Proxy Master – Lite, Snap VPN, Robot VPN and SuperNet VPN — share code and hard‑coded Shadowsocks passwords, enabling decryption, packet injection and connection takeover.
  • Researchers found widespread reliance on Shadowsocks with deprecated ciphers, and identical credentials across apps and servers, which they take as evidence that the services use common backends.
  • One family’s servers were hosted by a single company, GlobalTeleHost Corp, and several apps collected location‑related data despite policies claiming they do not, while employing obfuscation to foil analysis.
  • The reports advise privacy‑minded users to avoid Shadowsocks‑based clients and highlight prior links some providers have to Qihoo 360, underscoring the need for stronger app‑store vetting and developer transparency.