Android phones and tablets are powerful computers. It is therefore every bit as vital to protect yourself with a VPN when using one, as it is when using your desktop PC or laptop. In fact, given that you likely carry your Android phone around in your pocket or purse everywhere you go, it can be argued that it is even more important! In this look at the best Android VPNs, I will also discuss other security issues related to using an Android device.
When it comes to security and privacy, you should always remember that any mobile phone is a serious liability, whatever operating system it runs. On Android phones, ditching the default version of Android you bought it with and flashing a more privacy-friendly ROM can certainly improve the situation.
But even then, you should strictly manage your privacy expectations. Tablets without cellular functionality are better in this regard, as cell towers track mobile phones everywhere. GPS location awareness and Google Services, however, still present major threats.
Android VPN clients will, in general, provide all the usual benefits of running a VPN. An important caveat, however, is that apps often send all sorts of data directly back to their developers.
I will discuss the implications of this further, after we have looked at BestVPNRviewz.com’s recommendations for the best Android VPN!
Great customer service and ease of use are the primary reasons that ExpressVPN remains such a popular choice for Android VPN users. As with its Windows, Mac and iOS clients, the ExpressVPN Android app strips things down to ensure that using it is simplicity itself. This focus on customer satisfaction is also amply demonstrated by ExpressVPN’s 24/7 customer support and industry-leading 30-day money-back guarantee.
ExpressVPN keeps no usage logs, but it does keep some connection (metadata) logs. It is based in the British Virgin Islands, but how this affects privacy is a little unclear. Users in China will appreciate ExpressVPN’s special “stealth” servers, however, which also work using its Android app.
Additional features include three simultaneous connections, “stealth” servers in Hong Kong, and free SmartDNS.
Although based in the US (so not for the more NSA-phobic out there), this high-profile VPN company has good privacy credentials. It keeps no logs (at all), accepts payment in bitcoin, and permits torrenting. IPVanish also throws in a free Smart DNS service for all customers.
Much like its desktop client, IPVanish’s Android VPN app is a little basic. But it is easy to use, and works well, making it a great VPN for Android.
Additional features include apps for Android and iOS, and servers in 61 countries.
Based in Panama, NordVPN is well outside the immediate reach of the NSA. It backs up this distinction by being very privacy-focused. NordVPN keeps no logs at all, uses strong encryption, and accepts payment via bitcoins. Some may appreciate NordVPN’s “double-hop” VPN chaining feature, although I am dubious about its value.
The encryption used by NordVPN is also very good. Speeds on many of NordVPN’s servers can be rather slow, but fast servers are available with a little trial and error. Android users are well-served with a dedicated Android VPN client, which in addition to OpenVPN provides the option to use the IKEv2 protocol.
VyprVPN is notable for being one of the rare VPN services to own and control its entire network infrastructure. The result is fantastically fast connection speeds around the world. Features are excellent (as is encryption) and it includes a free Smart DNS service. Customer support is also great and the VPN keeps no usage logs. With a 30-day money back guarantee and a 3-day free trial, there is little reason not to give this service a go.
VyprVPN offers “Chameleon” stealth technology specifically designed to defeat the Great Firewall of China. And it uses UDP ports selection in its apps to help defeat port blocking and other throttling issues. Both of these features are available in its funky Android app. Do please note, though, that VyprVPN does not permit torrenting.
Additional features: no usage logs, uses UDP ports.
I had hoped to see some changes with HideMyAss since our last review, especially in the privacy departm
Website is easy to navigate
Only need an email to sign up
Additional free services
Seven-day free trial
Based in the UK
Poor track record with privacy
HMA does boast an impressive list of locations (assuming they all work), and the website and clients are pretty easy to navigate. If you are looking for an affordable option for general web browsing, it might be worth checking out HideMyAss’s seven-day free trial.
Android VPN apps come in two basic flavors – custom VPN apps from VPN providers, and generic OpenVPN apps that can be configured to work with any VPN service that supports OpenVPN. Custom VPN apps are much easier to set up, as they come preconfigured. And unlike iOS VPN apps, almost all custom VPN for Android apps support the OpenVPN protocol.
This is great, but it is also worth noting that the generic open source OpenVPN for Android app is much more fully featured than its open source desktop cousin.
Unlike many providers’ custom Android VPN apps, OpenVPN for Android provides IPv4 and IPv6 leak protection, and WebRTC leak protection. It can also be configured to act as a kill switch. Please check out A Complete Guide to IP Leaks for information on these features.
Understanding the Limitations of VPN Apps for Android
As with desktop computers, a VPN will encrypt your data and hide your IP address for all internet connections. When accessing websites through your browser for P2P downloading, therefore, you are fully protected when using a VPN. However…
Apps send data back directly to their publishers. Depending on the permissions you grant them, this can amount to a huge amount of personal information, including cellular network and registration details, GPS location data, and more.
In fact, have you ever wondered why that handy spirit level app you downloaded requires permission to access your location data, files, photos, microphone, and contacts? Many free apps monetize themselves by collecting personal information from users, and selling it to advertising and analytics companies.
And even when the app publisher is “legit,” Google makes it far too easy for them to “collect it all” anyway. This means that even the most innocuous app publishers usually know far too much about you. And app publishers such as Facebook are far from “innocuous!”
As if this wasn’t bad enough, the ads used in many apps as a way for developers to monetize their product are a whole privacy nightmare just by themselves!
To gain the full benefits of a VPN on a mobile device, you should therefore access websites and services via their web page or web interface using your browser (preferably the open source and privacy-friendly Firefox), rather than through dedicated apps.
This problem is compounded by the fact that mobile apps are often “leaky,” and allow organizations such as the NSA and GCHQ to spy on their users.
Indeed, according to documents obtained by Edward Snowden, leaky smartphone apps allow them to discover everything from “phone model and screen size to personal details such as age, gender and location,” to “users’ most sensitive information such as sexual orientation. And one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.”
For some reason, much of the publicity surrounding leaky apps focused on mobile games, and Angry Birds in particular. All kinds of apps collect too much information about you, however, with social media apps being among the worst offenders. The Facebook app, for example, collects detailed location data and asks permission to access your SMS messages.
Android Marshmallow (6.0)+ gives users much greater control over app permissions. But denying an app the permissions it requests often results in it simply not working. Basically, avoid using apps wherever possible (VPN apps excepted!).
Use Your Mobile Browser Instead!
VPNs for Android are of limited help when using apps, as apps can access IP and location data directly from your phone, thereby sidestepping the VPN. If you access services via their web portals, however, you gain all the usual benefits of using a VPN.
Great Firefox Privacy Extensions
In addition to using an Android VPN, I strongly recommend using the Firefox for Android browser. Not only is it 100% open source, but it supports some fantastic browser extensions that will improve your privacy:
uBlock Origin – is a lightweight FOSS ad-blocker that does double duty as an anti-tracking add-on.
HTTPS Everywhere – was developed by EFF, and tries to ensure that you always connect to a website using a secure HTTPS connection if one is available.
Self-Destructing Cookies – automatically deletes cookies when you close the browser tab that set them. This provides a high level of protection from tracking via cookies, without “breaking” websites. It also provides protection against Flash/zombie cookies and Etags, and cleans DOM storage.
Do be aware, however, that using any browser add-on makes you more susceptible to being tracked by browser fingerprinting.
Encrypting Your Android Phone
In addition to using an Android VPN and browser add-ons, you can improve the security of your Android device by encrypting its contents. This includes the contents of any SD cards.
There are definitely pros and cons to doing this. Personally, I consider the added security a more than acceptable trade-off for the approximately 9% performance hit this incurs (which in real-life use I don’t notice anyway).
A bigger problem is having to use the same master password used to secure the phone in order to disable the lock screen. This is a real pain if you use a strong password (as you should). If your phone features a fingerprint scanner, however, this is much less of a problem.
Please see How to Encrypt your Android Phone (a Complete Guide) for more details.
Regular phone calls and text messages sent on your Android phone are not secure. At all. And they cannot be made so. It’s not the just the NSA and GCHQ; governments everywhere (where they have not already done so) are keen on collecting all phone calls and text messages, in metadata form at least.
Signal by Whisper Systems is widely regarded as the most secure VoIP and messaging app available. It is open source, and securely end-to-end encrypts your voice and text conversations. This means that no-one – hackers, your ISP, or the NSA, can listen in on your conversations.
It is also easy enough to use that you might actually convince your friends and family to give it a try!
Flash Your Device with a More Secure Custom ROM
Android is developed by Google, a company whose business model is to invade your privacy in order to directly target ads at you. The biggest privacy-invasive culprits in Android are Google Apps (Gapps). These are the proprietary Google-branded applications that come pre-installed with most Android devices, such as the Play Store, Gmail, Maps, and so forth.
Fortunately, Google developed Android as a (largely) open source platform. Independent developers have therefore modified the base Android source code to create alternative versions of the OS, known as custom ROMs.
These are often much more secure than standard versions of Android and, thanks to licensing restrictions, do not come with Gapps pre-installed. Gapps can usually be downloaded and installed by users who value their convenience, but using a version of Android without any Google Apps installed will greatly improve your privacy.
CyanogenMod is easily the most popular custom Android ROM. It comes with a ton of security and privacy enhancements over “regular” Android. Those looking for a very hardened Android setup might want to consider CopperheadOS (Nexus 9, Nexus 5X and Nexus 6P only).
Edit. CyanogenMod has been discontinued. Cyanogen Apps gives users of CyanogenMod access to apps previously only available on Cyanogen OS.
How to setup a VPN connection in Android
Using custom VPN apps
Many VPN providers now offer custom VPN apps. These can usually be downloaded and installed from the Play Store, as per any regular Android app. Privacy-heads who prefer to avoid Gapps can usually request the raw .apk file from their provider.
Setting up a VPN manually (PPTP and L2TP/IPsec)
1. Open the VPN settings. This varies a bit by Android version, but in general, go to Settings –> More networks -> VPN. Note that you are required to setup a lock screen for this if you have not already done so. Just follow the prompts.
2. Touch + to Add VPN network. Enter a name for your VPN connection, choose Type, and enter the details given by your VPN provider
PPTP setup is ridiculously easy, but is horribly insecure. So don’t bother
L2TP/IPsec setup is still pretty easy, but is much more secure. It usually requires you to enter a long pre-shared keTo start the VPN, go to VPN settings (step 1), touch the VPN connection you want, and enter your VPN username and password
3. To start the VPN, go to VPN settings (step 1), touch the VPN connection you want, and enter your VPN username and password.
Et voila! You are connected
Notice the key icon in the taskbar. This lets you know that you are connected to a VPN server.
Setting up OpenVPN manually
OpenVPN Connect is a perfectly good app, but in this tutorial I shall use the more fully featured open source OpenVPN for Android. As of version 2.4.0 this features full IPv4 and IPv6 leak protection, and WebRTC leak protection. And as noted above, it can be configured to act as a kill switch.
1. Download the OpenVPN configuration files from your VPN provider’s website. You can then unzip them (if required) and transfer to a folder on your Android device.
Or you can download them directly to your Android device and unzip them with an app such as ZArchiver if needed.
2. Download, install and run OpenVPN for Android (if you haven’t already). Touch the + icon to the top right of the screen to Add Profile. Give the profile a suitable name, and hit “Import”.
3. Navigate to the folder where you saved the unzipped OpenVPN config file(s), and chose a server (if more than one .ovpn file downloaded). Once imported, touch the tick ✔ icon to continue.
4. Once done you will see the server name in under the Profiles tab. To start the VPN, just touch the server name you want to connect to.
Many providers include all necessary keys and account information in customized .ovpn files, so no further configuration is needed. Others may require that you enter your account information and other details. Please see your provider’s documentation for specific instructions.
As always when it comes to internet privacy and security, VPNs for Android should be considered vital tools in your privacy and security toolkit. As long as you access services via your browser, they provide all the advantages of using a VPN on your desktop.
Equally, as always there is no magic bullet solution to privacy and security problems. This is especially true for mobile devices, which should always be regarded as inherently insecure. As discussed above, however, there are things you can do to improve the situation (which includes using VPNs for Android). Just please be aware of their limitations, and act accordingly.