The simplest weapon that users have to fight data collection, whether by the NSA or Facebook, is a Virtual Private Network (VPN). A VPN encrypts your internet traffic and reroutes it through a supposedly-anonymous server, which in theory makes it difficult or impossible to track an individual user.
But a VPN’s anonymity is only as good as the provider. Secretly setting up your own server, paid in cash, in a non-compromised data center would be the best case scenario. But that’s impractial, so most people use a free or paid-for service, like the thousands of VPN apps on the Google Play Store. But according to one study, those apps are doing jack-all to protect your data.
The analysis found that “75% of [the apps] use third-party tracking libraries and 82% request permissions to access sensitive resources including user accounts and text messages,” but that’s not the worst part. “Over 38% of [apps] contain some malware presence according to VirusTotal,” and “18% of the VPN apps implement tunneling protocols without encryption despite promising online anonymity and security to their users.”
A significant number of apps also routed traffic through other users of the app, rather than through a central server. In a worst-case scenario, that could result in you being accused of piracy or some other kind of crime, thanks to another user of the app.
The study, conducted by researchers from around the world, analyzed 283 VPN apps from the Google Play Store. They looked at the app’s code and conducted traffic analysis to reach their conclusion. Sadly, there’s no list of which apps to use and which to avoid, but perhaps that’s for the best: unless you’re running the VPN yourself (which isn’t all that hard!), you’re better trusting no-one.