Recently, we have noticed an uptick in the number of fake Proton VPN apps. Hackers create fake versions of popular applications, like Evernote, Signal, and Proton VPN, to smuggle malware onto unsuspecting users’ devices. Once they are downloaded, the malware contained in these fake apps can unleash ads all over your device, take control of your device’s camera, or even let attackers steal your identity. This article explains how to avoid these fake apps and what you should do if you’ve downloaded one.
How to spot fake apps
You should not download apps from unofficial sources. Proton VPN apps are only available on the App Store, the Play Store, the Proton VPN website, or F-Droid.
While there are relatively benign copies of our apps in different corners of the Internet, if you do not download the app from one of these three sources, we cannot assure its quality. To download an official Proton VPN app, you must get it from our website, the App Store, or the Play Store.
Users still need to remain vigilant in the official app stores as even they are not 100 percent safe. There was a fake WhatsApp application that was downloaded over 1 million times from the Play Store in 2017. That app only spammed its users with advertisements, but it demonstrates the risk that exists. There was also an “Encryption Proton Mail keyboard” available briefly in the Play Store. Make sure you check the name of the app as well as the name of the developers. If either seems suspicious, do not download the app.
Fake apps pose the largest risk to Android users, but macOS and Windows users should also be careful. Only download apps from a trusted source and never download an app directly from a link shared via social media. If you are using an iOS device, you are relatively safe since you can only download apps from the App Store. (If you jailbreak your device, then this warning applies to you as well.)
Everyone can download any of our apps for free from our official sites, so there is no advantage to downloading them from an unverified source. We only charge a subscription fee for our premium services. Users who only want privacy protection can sign up for free plan.
What to do if you downloaded a fake app
If you downloaded a fake Proton VPN app, you should immediately delete it. Your data is not secure as long as the fake app is on your device.
To delete fake apps from your Android:
- Open the app tray.
- Tap and hold the app you wish to delete. (Hold your finger on the app until you feel a vibration or notice that the screen changed.)
- Drag the app onto the Home screen.
- Continue dragging the app to the Uninstall option.
- Release your finger over the Uninstall button.
Download our secure and free VPN.
(Remember, these steps or the names of the folders might be slightly different for you, depending on the brand of your Android device.)
Unfortunately, malicious Android apps often try to prevent you from deleting them by making their icon and title invisible. If you cannot find the app on your device, you should go to your installed apps page.
To find hidden apps on an Android:
- Tap the Settings icon. It looks like a gear.
- In the Settings menu, tap Apps & notifications.
- Tap See all apps.
- Once you are looking at the list of all your apps, scroll until you find a blank space. This will be the invisible fake app. Tap it and select Delete.
If your device will not let you delete the fake app because it was able to get administrator permission, your best option is to wipe your device’s memory and start over.
To perform a factory reset:
- Tap the Settings icon. It looks like a gear.
- In the Settings menu, tap Backup & reset.
- Tap Factory data reset. (This will delete all data on your phone.)
How to recover from a fake app
Once you have cleared the counterfeit app from your device, you need to resecure your accounts. If you happened to download a fake Proton VPN app, here is how you can take back control of your Proton VPN account. You should first check your account page to make sure nothing (like your recovery email) has been altered. Finally, you should change your password.
To change your Proton VPN password:
- Go to https://account.protonvpn.com/login.
- Enter your login credentials
- Once you are logged in, click Account on the left.
- Click Change Proton password.
If you fear your Proton Mail account might be at risk, you should check to see if there are any active sessions that you do not recognize. If there are, close them immediately. And make sure your recovery email address hasn’t been changed. Then change your password.
To secure your Proton Mail account:
- Go to https://account.proton.me
- Enter your login credentials.
- Click Settings.
- Find and click Security in the menu on the left.
- Under Session Management you will see all the sessions currently open. If there is one you do not recognize, click Revoke. If you are very concerned about your security, you can click Revoke all other sessions.
- You will be prompted to enter your password to confirm that you want to end these sessions.
- Then find and click Account in the menu on the left.
- Scroll down until you see Change password.
Downloading a fake app is one of the quickest ways to compromise your device. Unfortunately, it only takes one weak link to put your data risk. To keep your data private, you must always be vigilant.
Best Regards,
The Proton VPN Team
You can follow us on social media to stay up to date on the latest Proton VPN releases:
Twitter | Facebook | Reddit | Instagram
To get a free Proton Mail encrypted email account, visit: proton.me/mail
Would you please publish a .sig file for the GnuPG singature of the APK? Or an SHA256SUM?
Snowden’s book says the NSA can hack into VPN’s with a program (i believe it’s called FOXACID). Has Proton covered this entry point used by outsiders?
Thanks,
L.
That can’t be done from the application level of the same operating system itself…!
You should scramble the scan-codes coming from the keyboard before they physically reach the computer.
The only solution I imagine is to use a separate keyboard with a de/scrambler device (say a Raspberry with LCD, a smartphone *with no data connection*, a second PC…) connected to an USB or BlueTooth port of your PC. On this second “keyboard” you type the text to scramble only(!) and on this second “display” you can read your correspondant’s descrambled text.
Obviously this second device, will never be connected to any data source or to the Internet for security reasons.
In other words, if you do not trust your operating system, the only solution is to use another one completely separated. ;-)
Proton Team,
Please create a new app for the public. We would like to see an encrypted keystroke scrambler for PC and Android. Something to encrypt our keystrokes so the operating system cannot save or read our keystrokes.
Thanks Team!
Hello. I’m using Lineage OS without GApps, so I can’t download ProtonVPN from the play store. Is there other way to download it, or my only choice is the OpenVPN app from the F-droid?
Hi Cyril,
Please contact us at support@protonvpn.com or fill in the following form: protonvpn.com/support-form and we will send you the link to download the APK file.
Cheers