Serious privacy issue: Freedome vpn-app leaks actual loaction via wifi (ip-address).

No-body
No-body Posts: 6
in F-Secure VPN

I have installed F-secure Freedome vpn on (among others) my tablet Nexus 7 (model year 2012) wifi-version (everything updated to latest versions on the tablet). I also have installed the "Avast Anti Theft"-app.

When activating and connecting the Freedome to any of the possible F-Secure servers around the world I always get F-Secure servers ip-address when for example testing with www.whatismyip.com. So far, so good and the Freedome-app seems works as expected.

NOW TO THE PROBLEM: When I use the Avast Anti Theft to track my devices actual physical position this app always delivers the correct and actual position!! This happens when the device is connected only via wifi at my home (= the correct and actual physical position), not connected via gps. How is this possible and shall it be this way, that my ip-address I try to hide leaks to Avast via my wifi-connection despite I have Freedome activated?

It clearly seems as the Freedome app fails to hide my correct ip-address (which is used by Avast Anti Theft to track my position). NOTE: The gps is manually turned off before tracking and the gps cannot be forced on by the Avast app (my device is not rooted). (There are also other indications that the gps is not involved in this tracking.)

 

///UPDATE for clarity of found issue: On F-Secure internet homepage about the Freedome app, among others the following is written:

"Invisible:

When you connect to the Internet, your device is assigned a unique IP address. Freedome masks your IP, so you can surf anonymously under the protective F-Secure Cloud. All that is precious – from identity to location – stays hidden and private. Don’t sacrifice your privacy for the sake of mobility."

 

The word "loacation" is included in the text  above which implies that the Freedome app should hide your/the device's actual and true location. My findings according to above shows this is not true, the Freedome app fails in this respect and reveals the actual location.///

 

(I have similar problem on my Samsung Galaxy S3 (also everything updated to latest versions and not rooted). But since this device also can connect and be tracked via mobile signals since it is a normal cell phone (and not only wifi) I cannot know for sure if the Avast Anti Theft has used wifi (=ip-address) or mobile signals to track the position.)

 

1Like Awesome

Comments

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hello,

     

    Thank you for taking this into our attention. We need to investigate this and see how this particular anti-theft app works. We get back to you as soon as we know more.

     

    Best,

    Päivi, Freedome team

    Like Awesome
  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hello again,

     

    If an app has permissions to “location services” that’ll get more or less accurate location whether the GPS is on or off as the location info is based on other radio signals (wifi) as well. We cannot really mask this, we only mask the IP.

     

    In order to avoid confusion, we will review our product marketing texts related to hiding users' location.

     

    Thanks,

    Päivi

    Like Awesome
  • No-body
    No-body Posts: 6

    Thanks Päivi for reply.

     

    I think I understand your answer. And it is correct about the IP address, when position tracking (longitude and latitude coordinates) via the Avast Anti-Theft-app is done, my actual IP from my ISP is not revealed. Instead the F-Secure IP address of your server I choosed to connect to is the one noted and presented by the Avast Anti-Theft-app.

     

    I am not fully sure about how this position tracking works, but since the Nexus 7 I have used as test device (among other devices) is an “WiFi-only” version (=no gsm radio position tracking) and the gps is not involved then IP addresses could be the only way to determine actual position. This implies that the actual IP address still leaks out in some way, not written in plain text but instead translated into longitude and latitude coordinates. Please comment on this thought of mine and correct me/explain if I am wrong.

     

    Also thank you for updating your product marketing text about this to be more correct. You have a good article on how this works (“F-secure Freedome anti-tracking feature explained”). Maybe some further clarification on this matter under for example section “What it doesn’t block” could perhaps be appropriate.

    Like Awesome
  • No-body
    No-body Posts: 6

    Thanks for reply.

     

    Note and just for your information: The Setting for Position for both test devices I have used (the Nexus 7 and Samsung Galaxy S3) is "Off" and has been this way during all testing. Still the Avast Anti Theft succeeds to determine the actual position during position tracking. It seems as maybe the Avast Anti Theft overrides this setting in some way?

    Like Awesome
  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    That's interesting. I recommend you to be in contact with Avast and ask them directly. If the location services are turned off, an app should not be able to use them.

     

    Best,

    Päivi

    Like Awesome
This discussion has been closed.

Categories

Product & Pricing Info