Google is implementing a security review process for VPN applications available in its official Android app store, signifying apps that have undergone an independent security audit, this initiative comes in response to the “Mobile App Security Assessment” program introduced by the “App Defense Alliance” last year, which sets requirements for mobile app security.
The criteria for this program include data storage, data privacy practices, encryption, authentication, session management, network communication, platform interaction, and code quality.
Google Play Store displays the “Independent Security Review” badge under the “Data Safety” section for VPN applications that Google deems critical for user privacy and security due to their handling of sensitive data, the badge signals that independent parties have verified the app’s compliance with the “Mobile App Security Assessment” initiative, enhancing user transparency and trust.
VPN services claim that they do not retain logs and do not expose the user’s actual IP address, whether due to bugs or other reasons, as they are used to provide online anonymity.
Some VPN services rely on external parties to audit source code, server configurations, and vulnerability scans.
Google requests VPN providers to undergo an audit by an approved cybersecurity partner to confirm compliance with the “Mobile App Security Assessment” initiative in order to earn the “Independent Security Review” badge.
VPN applications such as NordVPN, Google One, and ExpressVPN have already earned the “Independent Security Review” badge, indicating Google’s confidence in their compliance with the “Mobile App Security Assessment” initiative.
Other VPN applications compatible with the initiative, such as Aloha Browser + Private VPN, Private Internet Access VPN, SkyVPN – Fast Secure VPN, Tomato VPN, and vpnify – Unlimited VPN Proxy, have not yet obtained the “Independent Security Review” badge.
More VPN apps are expected to join this initiative soon, promoting transparency through the Google Play Store.
Google encourages VPN developers to participate by completing this form to submit their requests for an independent security review.
The “Independent Security Review” program is expected to expand to include other types of applications besides VPN apps, although Google has not provided a timeline for such expansion yet.
