Google has begun verifying virtual private network (VPN) apps on its app store Google Play. In a blog post announcing the development, Google Play said that it would give verified badges to those consumer-facing VPNs that ‘prioritize user privacy and safety’.
To earn the verified badge, VPN providers would have to ensure that they adhere to Google Play’s safety and security guidelines. These guidelines suggest that apps should ask for credentials before disclosing sensitive information, apply network security measures, and safeguard communication between your app and other apps. Further, verified VPN players also complete the Mobile Application Security Assessment (MASA) Level 2 validation.
The VPN app must have at least 10,000 installations and 250 reviews, and before seeking verification the service must spend 90 days published on Google Play. Further, the VPN service must submit a data security declaration opting into independent security reviews and declare how they collect and handle user data. Google Play notes that this list of requirements is “not exhaustive” and that it considers other factors when evaluating an app for a verified badge. The app store has already provided Nord VPN, Aloha Browser and hide.me with this verified badge.
Why it matters:
VPNs act like a tunnel on the internet, preventing your internet service provider from seeing what you are doing online. Besides telecom companies, they also prevent others such as hackers or unauthorised third parties from readily accessing their data. They also allow people to access content that might be blocked in their region. However, while a VPN might prevent telcos and unauthorised third parties from accessing your data, this invariably means that the VPN itself gains access to your online activity.
“People don’t understand that the number of VPN companies that are legit are in the lower single digits,” Anand Venkatanarayanan told MediaNama last year discussing telecom traffic data. Similarly, US lawmakers have also previously sought attention to the fact that VPN companies misrepresent their products. While they claim that their products do not collect logs of customers’ activities, they have been reporting personal user data to third-party tracking companies.
In such a case, verification badges can be an effective way for users to readily identify legitimate VPN services.
India’s VPN regulation and conflicts with privacy:
Despite the role of VPNs (at least the legitimate ones) in keeping people safe online and preventing unauthorised access to it, the Indian Government has in the past asked these companies to collect and store customer details like names, allotted IP addresses, contact number for a period of five years in compliance with CERT-IN’s 2022 cybersecurity directions. This requirement goes against the right to privacy and VPN provider SnTHostings had flagged this concern in its court case against the directions.
Advertisements
The Indian Government responded to this case by stating that total anonymity online could allow bad actors to cause havoc online. It mentioned that VPN services are prone to misuse and make it harder for authorities to trace bad actors in time. The Government also added that it was not asking VPN providers to monitor customer activities but rather just maintain security logs and basic identity information. Since then, the Government has blocked 11 VPNs on Google and Apple app stores for non-compliance with CERT-IN’s 2022 directions.
Note: MediaNama has reached out to Google for information regarding the additional factors it considers when giving a VPN the verified badge. We will update the story with this information once we hear back from the company.
Also read:
Support our journalism:
For You
Source link
