Research On The Security And Privacy Of Mobile VPN Applications

With the rapid popularization of mobile Internet,network security incidents occur frequently and network privacy leakage problems emerge one after another.Under this background,VPN applications using anonymous access to the network,encrypted network data as a selling point,has attracted widespread attention.However,researches show that some VPN applications have many security and privacy vulnerabilities due to their imperfect basic services and improper configurations of developers,which cannot effectively protect users' privacy and security.At present,there is no mechanism to detect the security and privacy of VPN applications in China,and users without professional knowledge cannot tell whether VPN applications provide effective security and privacy services.This paper studies and summarizes the security and privacy problems of VPN mobile applications,then designs and implements a set of security and privacy detection system for VPN mobile applications.We used the detection system to detect over 300 VPN applications.The experimental results are analyzed by multi-dimensional data.In particular,we build a heterogeneous relationship network at the level of network of VPN application based on the server IP and domain resolution history provided by Passive DNS,and made relevant analysis on this network.The main work of this paper is as follows:(1)Design and implement the mobile VPN application security and privacy detection system.This security and privacy detection system is designed for both Android and iOS platforms and is divided into two parts:static analyze and dynamic detection.Static analyze mainly uses reverse technology to detect sensitive permissions,third-party libraries and malicious behaviors of VPN applications.The dynamic detection part is based on the automated testing framework Appium.By writing simple scripts,the VPN connection can be automatically triggered to detect the network security of VPN applications,including DNS,IPV6 leak detection,Kill-Switch detection,and tunnel configuration detection.In this paper,the detection system was used to detect more than 300 VPN applications,and 243 VPN applications'network behaviors were recorded for a long time.(2)Conduct correlation analysis on VPN applications.We conduct family clustering on VPN applications using,resource similarity and network relationship of VPN applications.In order to study the application of VPN network relationship,we build a heterogeneous information network of VPN network with VPNS' server IP and Domain resolved by Passive DNS.(3)Overall analysis of the whole mobile VPN application ecosystem.we summarize and analyze the current mobile VPN application ecosystem in a multidimensional way,focusing on the services provided by VPN applications,their security and privacy,the server evolution characteristics of VPN applications and the relationship between VPN applications.Our research shows that mobile VPNS have a wide range of security and privacy issues.In terms of basic services,many VPN applications falsely advertise the number of lines they provide and the location of the servers they provide.In terms of security and privacy,some VPN applications have problems such as obtaining users' sensitive permissions,embedding a large number of third-party libraries,leaking DNS,IPV6 traffic,insufficient security of tunnel protocol,and clear text interacting with the server.At the same time,we found that there are many repackaged applications in the VPN market,and plenty of VPN applications share their server IPs.