Google Play will now display verification badges on approved VPNs as a way to “highlight apps that prioritize user privacy and safety,” the company announced on Tuesday. The new badge will appear on a VPN app’s details page and within search results, proving that it meets specific standards outlined by Google.
To qualify for the new verification badge, VPN apps must complete a Mobile Application Security Assessment (MASA) Level 2 validation, which evaluates an app’s security. VPNs must also have at least 10,000 installs and 250 reviews, be published on Google Play for at least 90 days, submit information on how they collect user data, and opt in to independent security reviews. Google notes that while “other factors contribute to the evaluation,” completing these requirements “significantly increase[s]” a VPN app’s chance of getting a verified badge.
This builds on Google’s efforts to provide more transparency and security in the Play Store. The company rolled out privacy labels in 2022 and later introduced a badge showing whether an app received an independent security review.
Clearly, Privacy Guides and Techlore standards are superior in my view. I think this way Google may be misleading people to inferior VPNs from a privacy POV.
This may worsen our advocacy for the ones we recommend.
How else do you formulate a process to evaluate a service/tool like a VPN? Sure, the checklist will need to be “fluid” to account for new changes and developments and what have you, but it’ll be a checklist nonetheless if you are maintaining thresholds for what you consider should be the way or not with a tool like this.
Right. Folks underestimate the power of defaults. If, by default, folks learn to not use VPNs that MASA won’t certify, that’s a win. MASA can then demand more things (given they’re good stewards) as its labels gain more weight. Think of it like the “green lock” Chrome shows for HTTPS websites and Google Search down-ranking non-secure websites (either expired certs or plain text).
I expect Google to take more & more such decisions (to protect unsuspecting users from app developers at the cost of even looking ridiculous) as Android keeps up its world-dominating growth which in turn attracts some really nasty, greedy, opportunistic, malicious actors from all corners.
As for VPN apps: Some are an absolute racket (ex: run residential proxies, which are primarily used for click/ad-fraud & web scraping, though have “legitimate” uses in geo unblocking apps & content). The less folks use those wicked apps, the better. If it is MASA labels, so be it.
There are so many shady VPNs run by shady companies with unknown security. This can help lower the trust in those, although in my view any VPN that has been on the Play Store for less than 60 days and doesn’t publish info on security and data practices should auto be flagged as untrustworthy.
At the same time, this might be true. But tbf, this is already done by the media*, which has given up honest recommendations for VPNs for what gives the most affiliation money.
*Honorable mention to New York Times as an exception.
What Jonah means by that is that unlike PG and Techlore, which have a little stricter criteria (in this case PG does both security and privacy), Google just verifies whichever is “reputable enough” for them.