How to Tell If an Android VPN Protects Your Data

Besides unblocking geo-restricted content, the second most popular reason people use VPNs is to secure their data and privacy.

But how do you know if a VPN really does that? How can you be sure you’re installing a secure service on your Android smartphone?

It’s hard knowing which features you need to check when looking into VPNs. To make things easy for you, we put together this list of must-have security features. So, here’s how to tell an Android VPN really protects your data:

1. It Uses Strong Encryption

You’ll see the word “military-grade” thrown around a lot in VPN marketing copy. What that basically means is that the provider uses AES encryption – the same security standard used by military institutions and banks.

As long as the provider uses AES encryption (or the modern ChaCha20 cipher), your data should be safe. Both AES-128 and AES-256 are equally secure (AES-128 is just slightly faster).

2. It Uses Secure Protocols

A VPN protocol is a set of rules that dictate how a VPN connection is established. If the protocol is weak, the connection will obviously be unsafe.

Right now, the only protocol you should avoid is PPTP. Its encryption can be cracked, so if a VPN only offers PPTP, stay away from it. Also, if a VPN only offers the L2TP protocol, avoid it. On its own, L2TP doesn’t have any encryption (your data isn’t secured). L2TP/IPSec is the correct protocol pairing since IPSec adds the encryption.

Generally, you’d want to see one of these protocols:

  • OpenVPN
  • WireGuard
  • IKEv2
  • SSTP

3. It Doesn’t Log Any Data

A VPN provider should never monitor what you’re doing with their service. Closely check the Privacy Policy and ToS page to make sure the provider doesn’t keep usage logs (what sites you visit and what files you download).

Besides that, it also helps if the VPN provider makes it clear they don’t log your IP address. They should also allow you to sign up with an anonymous email like ProtonMail or Tutanota.

4. It Offers Leak Protection

DNS, WebRTC, and IPv6 leaks are a huge threat because they can cause your IP and DNS queries to leak outside the VPN tunnel. Basically, that means websites and hackers can still see your location, and ISPs can still see your browsing.

Ideally, a VPN should offer complete protection against all three types of leaks. At the very least they should provide DNS and WebRTC leak protection, and mention you need to disable IPv6 to avoid leaks.

Pro Tip: Test the VPN for Leak

Don’t just take the VPN provider’s word for it. Test their service yourself. You can easily do that with

To test a VPN for leaks, do this:

  1. Use without being connected to the VPN.
  2. Take a screenshot of the results.
  3. Connect to the VPN.
  4. Use again.
  5. Compare the results with the screenshot. Do you still see your IP or DNS address? If you do, your VPN is leaking.

5. It Has a Kill Switch

A kill switch shuts down your web access when the VPN connection drops. It’s an important security feature since it protects you from traffic leaks. For example, your ISP won’t know what sites you’re browsing just because your VPN connection drops for five seconds.

There are two types of kill switches:

  1. System-level kill switch – Shuts down all Internet access until the VPN reconnects.
  2. App-level kill switch – Prevents specific apps from accessing the web until the VPN reconnects.

6. It Has a Refund Policy

If a VPN is confident in its service, it should have no problem offering a money-back guarantee. That way, you buy with no risk.

Ideally, the refund period should be long enough to ensure you can test the VPN to see if it’s really secure. Most VPNs offer a 30-day money-back guarantee. Some offer longer periods. For example, CyberGhost VPN has a 45-day refund for long-term subscriptions.

Also, a no-questions-asked type of refund is ideal. Refunds with requirements (like not going over a certain data limit) are annoying.

Optional Security Features

It’s not mandatory for a VPN to offer these features for it to be secure. But we do like seeing them.

Open-Source Software

The main advantage is that anyone can inspect the software code to make sure there are no security holes (intentional or unintentional). It also makes the code easier to audit.

For example, ProtonVPN and IVPN has open-sourced all their software.

Ad Blocker

An ad blocker is a nice way to get rid of annoying ads that make your browser load slowly. It’s also a good way to get some extra privacy by avoiding ad tracking.

What’s more, most VPN ad blockers can block connections to malicious domains. So they can (indirectly) protect you from malware and phishing.

Double VPN

A double VPN connection sends your traffic through two servers instead of one. A normal VPN connection looks like this:

You 🡪 VPN Server 🡪 Internet

A double VPN connection looks like this:

Your 🡪 VPN Server 1 🡪 VPN Server 2 🡪 Internet

Double VPN connections are slower, but they’re great if you need extra security (if you’re a whistleblower, for example). Basically, your data gets encrypted twice.


Obfuscation hides your VPN traffic. It’s a useful feature for people living in countries with restrictive Internet access (like China and Russia). If your government blocks VPNs, traffic obfuscation can help you bypass their blocks.

How to Find a Secure Android VPN

Now you know what to look to make sure an Android VPN is secure. But cross-checking tons of VPNs against our list is a lot of work.

There’s a shortcut, though – use ProPrivacy’s guide to find the safest VPNs for Android. They review the fastest and most secure Android VPNs in an article that’s very easy to read and scan.

What Else Makes an Android VPN Secure?

What other features are a must-have to ensure top-notch security and privacy while using a VPN? Please let us know what your opinion is in the comments.

Leave a comment