Big news on ExpressVPN security. ExpressVPN has made the results of additional testing on its software available. This is after claiming to have passed three independent security audits just a little over a month ago.
Once more, it appears that the service received top ratings in these most recent examinations.
This time, Cure53’s cybersecurity specialists were enlisted to evaluate the ExpressVPN mobile apps. It also ran a vulnerability scan on ExpressVPN Keys. This is its own password manager application that is included free of charge with both its iOS and Android apps.
Cure53 was happy with the results and the dedication displayed by the ExpressVPN staff in overcoming “many challenges that modern VPN applications tend to experience,” notwithstanding a few small flaws that the service claimed to have previously fixed.
READ MORE: GitHub’s Free Secret Scanning
“Stronger attempts to reduce any potential dangers”
According to the auditing company’s conclusion in its iOS audit report, “the development team deserves every accolade for their due diligence efforts in minimizing any potential threats for the iOS application, with only minor adjustments required to further elevate the platform to an exemplary standard from a security perspective”.
The Android audit report, too, came to a similar conclusion. At the same time, Cure53 appreciated the provider’s grant of access and cooperation during the entire procedure.
Between August 2022 and September 2022, white-box testing and source-code audits on ExpressVPN’s iOS and Android apps were carried out by teams of three and five senior testers. These were conducted to see if the mobile apps for ExpressVPN could successfully fend off outside threats.
ExpressVPN Keys were also put to the test for the first time to ensure that it correctly safeguards users’ login information.
Only a few minor flaws, with very little danger to user data, were found in both audits.
The iOS audits specifically found a total of nine problems. Only four of them were identified as having low and medium-risk security vulnerabilities. “General weaknesses with limited exploitation potential” were used to describe the remaining five.
While a total of 13 vulnerabilities were discovered throughout the Android testing. Only three of the findings—again, of low or medium severity—were classified as security bugs.
Nevertheless, as Cure53 noted: “Most of the discoveries are variations of frequent configuration errors that are frequently seen in Android applications. The fact that none of the aforementioned vulnerabilities may be directly exploited to launch successful attacks further supports this optimistic attitude.”
Additionally, ExpressVPN’s own password manager garnered praise and made “a strong impression overall.”
With these most recent tests, ExpressVPN has now successfully completed 13 independent VPN audits since 2018. Additionally, an evaluation of the ExpressVPN Keys browser extension’s security is in the works.
According to Brian Schirmacher, manager of penetration testing at ExpressVPN, “We realize the expanding global need for digital privacy and security measures.” “One of our numerous trust and transparency initiatives includes audits by reputable cybersecurity companies like Cure53. We intend to keep the industry’s standards high.