After confirming that it passed three independent security audits just a month ago, ExpressVPN has just released the results of additional tests of its software.
Once again, the provider appears to have passed these latest audits with flying colors.
This time, the cyber security experts from Cure53 were called in to evaluate the ExpressVPN mobile apps. Its own ExpressVPN Keys password manager tool, which comes at no extra cost with its iOS and Android apps, has also been tested for vulnerabilities.
Despite some minor bugs, which the provider says they've already fixed, Cure53 was pleased with the results and the commitment the ExpressVPN team showed to address "many issues that modern VPN apps tend to run into."
“Diligent Efforts to Minimize Potential Threats”
“Overall, the development team deserves all the applause for their diligent efforts to minimize potential threats to the iOS app, with only minor tweaks needed to further elevate the platform to an exemplary standard from a security standpoint” , concluded the audit. signature. in your iOS audit report (opens in a new tab).
A similar finding also ended the Android Audit Report (Opens in a new tab). At the same time, Cure53 was pleased with the vendor's access and collaboration throughout the process.
Teams of three and five senior testers conducted white-box tests and source code audits on ExpressVPN's iOS and Android apps between August 2022 and September 2022. They aimed to determine if ExpressVPN's mobile apps could withstand external attacks with success.
For the first time, ExpressVPN Keys has also been tested to ensure that it adequately protects user login information.
Both audits revealed only a handful of minor vulnerabilities, but with very little risk to user data.
Specifically, the iOS audits identified a total of nine issues. Of these, only four have been classified as low and medium risk security vulnerabilities. The other five were labeled as "general weaknesses with less potential for exploitation."
While Android tests revealed a total of 13 vulnerabilities. Again, only three of the findings were considered low or medium severity security bugs.
However, as Cure53 reports: “The vast majority of the findings are variations of common misconfigurations that are often present in Android apps. This positive view is also supported by the fact that none of the aforementioned vulnerabilities can be directly exploited to carry out successful attacks. .”
ExpressVPN's own password manager also received positive reviews, getting "a strong impression overall."
These latest tests bring the total of independent VPN audits published by ExpressVPN to 13 since 2018. In addition, a security assessment of the ExpressVPN Keys browser extension is also underway.
“We recognize the growing global need for digital privacy and security protections,” said Brian Schirmacher, penetration testing manager at ExpressVPN. the bar high for the industry.
See the best ExpressVPN prices today:
(opens in a new tab)
(opens in a new tab) (opens in a new tab)
