The Google Play Store now lets users know whether VPN services downloaded from the storefront have passed security audits from independent agencies.
VPN apps that have been reviewed in accordance with the Mobile App Security Assessment (MASA) guidelines (the brainchild of the App Defense Alliance (ADA)) will now have a badge next to them that says “Independent security review” in the Data Safety section.
In a blog post When explaining the addition, Google noted that there are certain requirements an app must pass the MASA test, covering areas such as data storage and privacy, cryptography, authentication, networking, permissions and encryption.
MASA standards
In order for an app to be reviewed by MASA and thus obtain the new Google badge, only a handful of independent cybersecurity companies are accepted as valid auditors, such as Bishop Fox, Dekra and NowSecure, to name a few.
VPN providers and other privacy tools accept independent security assessments to instill users’ trust, letting them know that their online activities will not be recorded or their real IP addresses will not be revealed, either through mistakes or intentionally, as this is what the audits will look for.
Popular VPNs such as ExpressVPN, NordVPN and Google One already have the new badge, as they have undergone or will undergo MASA security audits in due course.
However, some other VPNs are MASA certified but don’t have the ‘Independent security review’ badge in the Play Store – at least not yet.
Google has one form for developers to complete if they want their app to go through an independent security review, as the tech giant looks to improve the security of its platform and boldly states that its “goal is to make Android the most secure mobile platform.”
The Google Play Store has had its fair share of security issues lately, with a worrying number of apps that are malicious, either containing malware or violating user privacy.
There are also reports of many unscrupulous VPN services, which are often given away for free and are in fact dangerous to users as well.