November 10, 2025 – Google has issued a global warning to billions of users over the rising security risks associated with virtual private networks (VPNs).
The tech giant cautioned that several VPN applications are being used to spread malware and password-stealing programs, compromising user privacy and device security.
According to a report by Forbes, Google’s Vice President of Trust and Safety, Laurie Richardson, confirmed multiple security alerts in a recent advisory. The warning comes amid the rollout of the UK’s Online Safety Act and new U.S. state-level online regulations, which have prompted many users to turn to VPNs to bypass restricted content and age-verification systems.
However, Google revealed that cybercriminals are disguising malicious software as legitimate VPN apps, targeting users across Android and other platforms. “Threat actors are deploying fake VPN services that secretly steal personal information and track user activity,” Richardson warned.
Google’s official guidance urges users to only install VPNs from verified sources such as the Google Play Store, ensuring the app carries the official VPN badge. The company also advised against free VPN offers, sideloading unverified apps, or granting permissions that allow access to contacts, messages, or personal data.
Cybersecurity experts echo Google’s concerns, emphasizing that malicious VPNs can expose sensitive data instead of protecting it. Users are encouraged to verify app authenticity and update devices regularly to stay protected from evolving digital threats.