Google Play, the official Android app store, has started tagging VPN (virtual private network) apps that undergo independent security audits with a special badge. Independent security audits test VPNs under different circumstances and also check how reliable they are.
These badges will help users know which VPNs take their security seriously. The move is an important step towards ensuring that people are able to choose the most trustworthy and reliable VPN services.
To receive the badge, VPNs will have to meet a certain standard, details of which we’ve discussed below.
Which Apps Are Eligible to Receive the Badge?
For a VPN app to be tagged with the “Independent Security Review” badge, it has to meet the Mobile App Security Assessment (MASA) standard. MASA was introduced in 2022 as part of the App Defense Alliance (ADA) initiative.
ADA is concerned with various security requirements for mobile apps in areas such as data privacy, cryptography, network communications, and code quality. It aims to standardize security audits for mobile apps.
Why VPN Apps First?
As VPNs handle sensitive user data and internet traffic, Google considers them critical for privacy and security. Displaying the MASA badge for VPN apps enhances transparency around their security practices.
So far, major VPN services like NordVPN, Google One, and ExpressVPN have earned the new Play Store badge by completing an independent MASA audit from an approved cybersecurity partner. Other audited VPNs like Aloha Browser and Private Internet Access have valid MASA certificates but haven't received the badge yet.
NordVPN’s “Independent security review” badge.
What's Involved in a MASA Audit?
MASA audits examine source code, server configurations, and test for vulnerabilities. This verifies VPN providers' claims around not logging user data or IP addresses. Technical details for audited VPN apps are available in Google's public MASA certification directory.
While starting with VPNs, Google plans to bring independent security reviews to more app categories soon. However, as of yet, it is unclear when this will happen.
How Can Apps Participate?
Google encourages all developers to submit their apps for MASA certification. Completing an independent security review will qualify apps to display the trust-building badge on Google Play.
If you have an app that deals with confidential and sensitive information, then we recommend you send it for approval, too, as the badge will signal to people that your app takes its users’ privacy seriously.