Home » 4 Android VPN apps uncovered Displaying Disruptive Ads
Cyber Attack

4 Android VPN apps uncovered Displaying Disruptive Ads

4 Popular Android VPN apps uncovered Displaying Disruptive Ads
4 Popular Android VPN apps uncovered Displaying Disruptive Ads

4 Android VPN apps uncovered Displaying Disruptive Ads

Security researchers recently discovered four popular Android VPN apps with 500+ Million installs showing disruptive ads.


  • Four VPN apps within the Google Play Store were uncovered by security researcher, Andy Michael to serve disruptive ads within the background.
  • All four apps have more than 500 million downloads and its developers belongs to China.

The Story

While suspecting some suspicious adware-based activity, four Android VPN apps were analyzed by Andy Michael. According to the research by Andy Michael, the four Android apps namely HotSpotVPN, Free VPN Master, Secure VPN, and CM Security Applock AntiVirus, were found to pushing advertisements while the app was running within the background. The apps were displaying full screen pop-up ads on the devices even the apps were not open.

The research further claims that all these apps are from China or Hongkong. Due to China’s Great Firewall and various protests ongoing in HongKong, the usage of VPN services are higher. Apart from that, two apps have been observed to have similar codes. While free apps using ad-serving campaigns to generate profit, and due to its huge number of downloads, it helped the apps to serve disrupting ads to earn huge profit.

  • Users see frequent full-window pop-up ads within their smartphone screen even when the apps are not open.
  • Clicking on ads redirect users to unknown sites that bring fraudulent revenue to its authors;
  • The suspicious ads can invade user’s privacy and involves risk to data to be misused.
  • Due to constant HTTP request, the CPU gets heated quickly and thus, affects the battery life of the device.

Adware Behaviors Of Apps

According to adware behavior analysed by Andy Michael, found that 4 Android VPN apps uncovered displaying disruptive ads. Along with the APIs integrated from Google and Facebook to display ads, the apps uses obfuscated codes to display full-screen pop-up ads that appear even outside the app environment.

  1. Hotspot VPN: Its name imitates to Hotspot Shield, a legitimate VPN service. The app uses Obfuscated code apart from APIs from Google to show full-screen advertisements irrespective of the app is open or not.
  2. Free VPN Master: Like the Hotspot VPN, similar code was detected integrated within the app with little modification. It also has the same behavior.
  3. Secure VPN: Unlike the above two apps, this one found to be most serious disruptive. As it uses classes and references that manages different events like how to show ads, when to show show ads, request and render. Thus, it managed to serve ads even when the user is running other apps on their smartphones that even appears on the top of the home screen.
  4. Security Master: This app uses a more sophisticated way of pushing ads. It serves ads from various services including Facebook, GitHub, AirBnB, and Google so on. It displays ads when user tries to go back to their home screen or when user clicks some specific buttons.

“This application takes it a step further. Instead of constantly showing the ads the app leverages its enormous user base and intrudes less often and randomly. It uses a more sophisticated approach by popping up the app instead and showing the ads immediately after you try to get back to the home screen,” says Michael about Security Master application.

Word Of Caution

While Google always keeps scanning for any malicious activity within the apps in the Play store. And users are always alerted about any malicious activity detected by the apps, and such apps quickly been taken down from the play store. Like in recent detection , when Malware Discovered in CamScanner Android App With 100+ Million Users.

Despite great efforts, still some apps manages to push malicious codes within the apps for some evil motives like stealing user;’s data, generate fake traffic or revenue by serving ads and even distribute payloads of harmful threats. Thus, users need to be very cautious while downloading any apps from any unknown sources.

Learn More About: What is a VPN and how to choose a trusted one.

About the author

UnboxHow Team

If you have come this far, it means that you liked what you are reading. Why not reach little more and connect with us directly on Google Plus, Facebook or Twitter. We would love to hear your thoughts and opinions on our articles directly.

Add Comment

Click here to post a comment