Last week, AppEsteem was mentioned in several news articles reporting on the VPN apps we listed as Deceptors. We listed them after our research showed these apps automatically installing self-signed trusted root certificates without obtaining informed user consent for the risk this introduces.
Here are some links to the news articles: one on TechRadar and one on CNET.
We are already seeing progress from some of these VPN apps to fix these Deceptor-level issues. Some of the apps now obtain informed consent; other apps are moving away from introducing this security risk. Both approaches bring a better, safer experience to consumers of VPN apps.
Driving change across an industry isn’t easy. It worked here because of a vibrant security ecosystem:
- Our AV partners use our research and feeds and usually detect/block active Deceptors and allow Certified apps. This is a direct way to let vendors know when they need to change, as it affects their ability to keep their apps on a consumer’s device.
- Security articles in the media bring attention, encourage more AVs to use our research and feeds, and send a message to the vendor’s employees and investors that their app needs immediate attention.
We are excited by these developments and are looking forward to continuing to work with VPNs and other apps to help facilitate a safer online environment. We love how the security industry can work together to improve consumer safety!