Cure53 confirmed the leading VPN provider as a safe choice for securing your sensitive data and login details on mobile.
After confirming that it passed three independent security audits only about a month ago, ExpressVPN has just released the results of further tests on its software.
Once again, the provider appears to have passed these latest audits with flying colors.
This time, cyber security experts from Cure53 were called to assess ExpressVPN mobile apps. Its own password manager tool ExpressVPN Keys – which comes at no extra cost with both its iOS and Android apps – has also been tested for any vulnerabilities.
Despite a few minor glitches, which the provider says they have already addressed, Cure53 was pleased with the results and the dedication shown by the ExpressVPN team to fight back “many problems that modern VPN applications face” .
‘Diligent efforts to minimize any potential threats’
“All in all, the development team deserves every credit for their diligent efforts to minimize any potential threats to the iOS app, with only minor tweaks needed to further elevate the platform to an exemplary standard from a security perspective,” shut down the auditing firm. on its iOS audit report (opens in new tab).
A similar outcome ended the Android audit report (opens in new tab), too. At the same time, Cure53 was satisfied with the access and cooperation granted by the supplier during the entire process.
Teams of three and five senior testers conducted white-box testing and source code audits on ExpressVPN’s iOS and Android apps between August 2022 and September 2022. These aimed to determine whether ExpressVPN’s mobile apps could successfully withstand external attacks.
For the first time, ExpressVPN Keys has also been tested to ensure it correctly secures users’ login details.
Both audits revealed only a handful of minor vulnerabilities, but with very little risk to users’ data.
Specifically, the iOS audits identified a total of nine issues. Among these, only four were categorized as low and medium risk security vulnerabilities. The remaining five were referred to as “general weaknesses with lower exploit potential.”
While the Android testing revealed a total of 13 vulnerabilities. Again, only three of the findings were considered security flaws at low or medium severity.
However, as Cure53 reported: “The vast majority of findings are variations of common misconfigurations often found in Android applications. This positive stance is also supported by the fact that none of the aforementioned vulnerabilities can be directly exploited to launch successful attacks don’t feed.”
ExpressVPN’s own password manager also received positive feedback, receiving a “solid impression overall.”
This latest testing brings the total of ExpressVPN’s published independent VPN audits to 13 since 2018. What’s more, a security assessment on the ExpressVPN Keys browser extension is also on the way.
“We recognize the growing global need for digital privacy and security protection,” said Brian Schirmacher, Penetration Testing Manager at ExpressVPN. “Audits by respected cyber security firms like Cure53 are one of our many trust and transparency initiatives. We want to continue to raise the bar for the industry.”
