Fake VPN apps

Fake VPN apps are designed to look like legitimate privacy tools, but they often fail to protect your data or even put you at risk. Instead of securing your traffic, they may log your activity, serve ads, or use your device in ways you didn’t agree to. Knowing what to watch for helps you stay safe online.

This guide covers what fake VPN apps are, why they’re dangerous, and how to spot them. We’ll cover which features matter the most, which parts of a privacy policy you should pay special attention to, and other useful tips. Finally, we’ll share some VPN apps you can trust.

What are fake VPN apps?

Fake VPNs are one of the most common VPN scams out there. Whether they’re providers with limited public information or copycats riding the coattails of more established companies, the goal of every fake VPN app is to profit off of unsuspecting users.

screenshot of a fake VPN app description on the Google Play Store
Ah yes, the Best expressvpn VPN

This could happen by recording your activity and selling it off to data brokers and other shady third parties, showing intrusive ads, using your bandwidth without your knowledge, or installing dangerous malware on your system. Some fake VPN apps simply offer a weak, insecure service and hope you upgrade to a paid plan before they vanish.

Why are fake VPN apps dangerous?

Fake VPN apps put your security and privacy at risk in multiple ways, from logging data to charging for worthless plans. Here’s what you need to watch for.

User data logging and selling

Your online behavior is valuable to advertisers, data brokers, and other snoopers. Every site you visit and every app you use can be tracked and stored for profiling. As such, it’s no surprise that fake apps and a decent number of free VPNs log and sell your data.

This data can follow you across platforms and even be linked to your real identity. That makes it easier for companies or hackers to target you with ads, phishing, or other scams. A VPN that logs data defeats the whole point of using one.

Bandwidth hijacking

Some fake VPNs route other people’s traffic through your device without telling you. That turns your internet connection into a makeshift server, which can slow your speeds and use up your data allowance.

Hola VPN is an infamous example that lets traffic pass through users’ connections so others can access streaming services, essentially adding your device to a botnet. Your bandwidth ends up powering someone else’s service while you get little benefit from the VPN itself.

Malicious code or ad injection

Fake VPN apps sometimes inject malicious code or ads into your browsing, causing annoying pop-ups, redirect loops, and other strange behaviors. At best, you’re dealing with potentially unwanted programs (PUPs) that let some sketchy dev collect ad revenue.

At worst, you’re installing straight-up malware that spies on your activity, logs your keystrokes, or corrupts your files. The ads you get served may also promote other PUPs or dangerous apps. Instead of securing your connection, fake VPNs end up actively harming it.

Weak or missing encryption

VPNs use encryption to mask your traffic and make it unreadable to your ISP, hackers, network admins, and anyone else trying to monitor your activity. Unfortunately, fake VPN apps often have weak or no encryption. This leaves your passwords, messages, and other sensitive data exposed when you think you’re safe.

DNS leaks and IP exposure

Many users get a VPN to hide their real IP address, whether it’s to access streaming platforms, keep their location private, or bypass internet censorship in their area. On the other hand, fake VPNs will most likely leak your IP and DNS requests.

This exposes your true location to advertisers, streaming apps, government surveillance, cybercriminals, and so on.

Fake premium charges

Some fake VPNs offer poor services and ask you to upgrade to a “premium” plan for better speeds, no throttling or data caps, and other benefits. Once they get your money, they vanish or continue offering the same low-quality connection.

Scammy providers can auto-renew subscriptions or bury cancellation options, making it hard to get your money back. In some cases, your only option may be disputing the charge with your bank or card provider.

How to spot fake VPN apps

Spotting fake VPN apps is easier if you know what to look for. From company info to encryption and reviews, these tips will help you avoid scams and poorly run services.

1. Research the company behind them

A VPN stops your ISP from seeing your traffic, but now the provider can access it. Even if the VPN has a no-logs policy, you have to trust that they’ll stick to it. Here’s a little checklist to help you avoid potentially fake VPNs during your research:

  • Company history and track record: A quick look at the provider’s “About Us” section should tell you how long the VPN has been around, its mission, and background. Descriptions that reveal nothing (like the one below) are a warning sign. screenshot of a generic About Us page for a fake VPN
  • The provider’s jurisdiction: Where a VPN is based affects which laws apply to your data. Providers in countries with strong privacy protections are generally safer. If the company hides its location or is based in a country that’s part of the 5/9/14 Eyes, you might have less control over your information.
  • Reviews outside the official site: On-site testimonials can easily be faked or cherry-picked to make the provider look good. If there are no reviews or user ratings elsewhere, it’s either a fake VPN or a very new provider. Either way, you should stay cautious and look for more proof before trusting it with your data.
  • Encryption standards used: If the app doesn’t say what kind of encryption it uses, it might be cutting corners on your security (or may not be using any at all).

2. Read the VPN’s privacy policy

Yes, no one wants to waste time wading through boring privacy policies. But while you may be able to get away with it on some random site you sign up for with a temporary email, a VPN basically handles all your day-to-day traffic.

As such, you should check the provider’s data logging policies: what they collect, where it’s stored and how long they keep it, and whether they share it with any third parties. Ambiguous language, unnamed partners, or a complete lack of a privacy policy should be your cue to tab out and use a different VPN.

And whatever you do, never share sensitive info like your full name, ID, Social Security Number, or others to “verify” or “secure” your VPN account.

3. Check for independent audits

Independent audits are a good way to tell whether a VPN sticks to its promises. Providers often hire security firms to review their code, encryption, and logging practices. A recent audit adds credibility, while missing or outdated ones may indicate hidden weaknesses.

For Android users, it’s worth noting that Google added a new “Verified” badge on the Play Store. VPNs that want to get verified have a long list of requirements, including completing a security assessment, reaching at least 10,000 installs with 250 reviews, and being on Google Play for 90+ days, among others.

Now, audits don’t guarantee complete safety. However, they give you an extra layer of assurance beyond the marketing babble.

4. Ensure they have active support channels

Whether the company offers live chat, email, or a detailed help center, this shows it cares about its users. Lack of support or being limited to unhelpful AI chatbots can be a sign of a temporary operation. Or, at the very least, a provider you can’t count on when you need it.

Try reaching out with a question before subscribing. The speed and quality of the response tell you a lot about how the provider operates. It’s also worth checking if they’re active on social media. Regular updates and replies to users suggest the service is still maintained.

One thing to watch out for is fake VPN apps that leave flaws in the app on purpose, encouraging you to reach out for help. When you do, scammers can pretend to be support staff and try to get you to click phishing links or reveal personal details.

5. Verify their encryption and security

Look for ones that encrypt your data with AES-256, ChaCha20 (or equivalent methods), and use secure protocols like OpenVPN, IKEv2, WireGuard, or in-house options like NordLynx or Lightway. Avoid VPNs that still support insecure protocols like PPTP or L2TP/IPSec, or ones that don’t even list their options.

Now, most users can’t exactly check how strong a VPN’s encryption really is. Sure, you could use a packet sniffer like Wireshark to inspect your connection, but that’s beyond what most users are willing to do. Checking the provider’s documentation or third-party audits is a more realistic option when choosing a VPN.

What you can do, even if you’re not tech-savvy, is check the VPN for DNS or IP leaks. All you have to do is go to IPleak.net (or similar services) while connected to the VPN and see if your real IP still shows up. That way, you’ll know whether the VPN has proper leak protection.

Also, make sure the app has a kill switch, which cuts off internet access if the VPN connection drops. This stops your traffic from going through your regular connection and exposing your real IP address.

6. Watch out for exaggerated claims

Be skeptical of apps promising unlimited speed, total anonymity, or access to every streaming service. Here’s why:

  • Connection speed: Even the fastest VPNs add some delay because your traffic is encrypted and passes through distant servers. They can help you avoid ISP bandwidth throttling or fix unstable connections, but they won’t magically make your internet faster than it already is.
  • Online anonymity: No VPN makes you truly invisible online. To get close, you’d need to clear cookies, block trackers, manage browser fingerprints, and keep your VPN undetectable. A VPN is just one piece of the puzzle that is your online security.
  • Streaming access: VPNs can help you reach content in different regions, but they don’t guarantee access to every platform. Even top-rated VPNs often get their servers blocked, and it can take a while to get things back up and running.

“Lifetime subscriptions” are also always bogus. Either the provider disappears or stops updating the app after you pay, or they claim it’s valid only for the lifetime of the VPN. Stick to regular subscriptions to avoid getting scammed.

7. Check how “free” VPNs make their money

VPNs have to fund servers somehow. As we’ve mentioned before, some free and fake VPNs show ads, sell your data to third parties, or route traffic through your device.

Others offer a free plan with a small number of servers, data caps, and limited features, then cover costs with a decent premium plan. Understanding the business model shows whether a free VPN is safe to use.

Check the provider’s website or privacy policy to see how it funds the service. Transparency about ad support or optional premium plans is fine, but vague or hidden methods suggest the service may be harvesting your info without permission.

8. Review VPN app permissions

Check what access the VPN app requests on your device, as it should only need permissions related to network connections.

Fake VPN apps may request access to contacts, the microphone, or storage without explanation, essentially acting like spyware. Only install apps that request what’s strictly necessary for core functionality.

9. See user and professional reviews

Look for independent user reviews (e.g., on Reddit, the VPN’s forums if available), as well as tech articles that can warn you about performance issues or misleading claims. You’ll also get a heads-up about potential billing issues, missing features, and other issues.

Which VPN apps are legit?

If all this research sounds like a headache, we don’t blame you. Fortunately, you can always check out our list of the best VPNs, where we cover providers with a proven track record for quality. A couple of them even offer a free plan, though you can always test out their premium features without committing, thanks to generous 30-day+ money-back guarantees.

Here’s a sneak peek of our top providers:

  1. NordVPN — Best VPN overall, independently audited and secure.
  2. Surfshark — Affordable VPN with unlimited connections.
  3. IPVanish — Fast and reliable VPN with no device limits.
  4. ExpressVPN — Top-notch security and fully obfuscated network.
  5. CyberGhost VPN — Great for streaming with optional NoSpy servers.

Fake VPN apps FAQs

Are there fake VPNs?

Yes, fake VPNs exist, and you can even find them in official app stores. Some collect your data, show aggressive ads, or skip basic security like proper encryption. You need to check who runs the app and how it makes money before trusting it with your traffic.

Is there a real free VPN?

Yes, there are real free VPNs, but most come with significant limitations (usually data caps, fewer servers, or slower speeds). A provider still has to cover server costs, so you should look into how they fund the service before using it.

Is it illegal to use a VPN app?

Using a VPN app is legal in most countries, though there are several countries where VPNs are banned or heavily restricted. If you’re traveling internationally, consult local laws before using a VPN, lest you run into legal trouble.

Can a VPN see what I search?

A VPN can see what you search if it logs your traffic on its servers. When you connect, your data passes through the provider’s network before reaching the internet. That’s why choosing a service with a clear, audited no-logs policy is essential.

Can a VPN be detected?

Websites and networks can detect VPNs, as they see your traffic is coming from a VPN server IP. Most popular streaming platforms and some workplaces block known VPN IP ranges. While detection doesn’t reveal your real IP, it can still limit your access in some cases.

What can a VPN not hide?

A VPN cannot hide your activity from websites where you log in to your account. Many of them also can’t stop trackers, browser fingerprinting, or malware already on your device. You still need safe browsing habits and basic security tools alongside it.

Related: