There's a lot of misinformation about VPN services, and it stems from the fact that not all of them are created equal. Some focus on privacy, others on security, and a few VPNs are seemingly even purpose-built for the polar opposite: data collection. We made this guide to help clear the air on some of these issues while objectively ranking the best of the best.
Because of the way VPNs work, they're expensive to operate, especially if they implement the best security practices. But this means you're typically left with only two options: either pay your share of the operating costs with a monthly fee, or go with a free service that has to monetize somehow. As with many internet services, that "somehow" usually involves data mining, which is a scary concept when it's happening with a service you might route all of your internet traffic through.
So these are definitely murky waters, and that's why we had to dig deep. You may already know some of what VPNs can offer — location spoofing, encryption, and general security are some of the main draws. But we wanted this guide to be useful for people of all technical skill levels, so we started by researching the basics, and while we recorded our findings on issues like logging policies and IP protection, we realized they weren't covered well elsewhere. As such, take this guide as both an explainer on VPNs and a ranking of the top four VPN services for Android and iOS.
A VPN (or Virtual Private Network) is a secure connection between multiple devices, usually between your phone (or computer) and a VPN server. This connection is encrypted, meaning it is inaccessible by others, including your wireless carrier. Once a connection is established, the VPN server acts a wall between you and the rest of the web, as all traffic is first processed by the VPN server, then directed to your phone. The VPN server also provides you with a new IP address which is what websites see when transmitting data to your device.
When you visit the web with a VPN, your connection is private. The only thing your wireless carrier (and potential hackers) can see is that you are connected securely to a VPN server. Because of this encryption, VPNs are great tools when browsing the web on public Wi-Fi. Even if someone on the same network tried to view your data, the encryption of the VPN would prevent this.
Another advantage of a VPN is the protection it offers your real IP address. Your IP address is like your mailing address at your home. When you browse the web, your IP address is used to direct traffic to and from your phone. However, with this information, bad actors can make targeted attacks, compromising your security. With a VPN, your real "mailing address" is hidden behind a second one, a temporary IP address provided to you by the VPN service. Any attacks would be directed to the VPN's servers, which have protection in place to thwart such efforts.
Finally, many VPN services offer servers around the world. With these servers, you can obtain an IP address from a different country, allowing you to view local search results and circumvent geo-restrictions to view locked content.
The most significant difference between the two mobile operating systems when it comes to VPN is "Always-on" mode. "Always-on" is a feature which forces every app to connect only through the VPN. While it's supported on both platforms, iOS isn't as straightforward to enable.
iOS devices require your device to be in "Supervised mode," which requires a computer, the program "Apple Configurator" and a complete reset. It also demands an IKEv2-based VPN, a protocol not all VPN services offer.
For Android, the process is much simpler, requiring only you enter "VPN" settings under "Network & internet," choose your VPN service, and enable "Always-on."
Now that you understand the basics of VPN services and how they operate, let's look at the best apps that can be installed on both Android and iPhone to enable such features. Start by reviewing the chart below, then look at the Key Comparison Points section if you have trouble understanding any of the data in the chart. After that, we'll explain how we chose these apps, then go over the pros and cons of each app in order of their final ranking.
- Annual Price: The price for one year of service. Each VPN on our list offers additional options such as monthly pricing and multi-year pricing. However, we felt annual pricing was the best price to compare them all, as it's usually cheaper than monthly pricing but doesn't require the long-term commitment of a multi-year plan.
- Free Trial: Whether the VPN offers a free trial to test out its service, and the length of the free trial (if any).
- Speed Reduction (Morning/Afternoon/Evening): VPNs are inherently slower than standard internet connections, so we tested the difference between our 1 Gbps broadband Wi-Fi with and without the VPN active. The data in this section shows the reduction in download and upload speeds when connected to the nearest server on the VPN. The "Morning" tests were conducted at 10 am, while "Afternoon" was tested at 3 pm and "Evening" was done at 8 pm. Each phone was within five feet of the router, and we tested each service three times on multiple devices. In essence, this is a measure of the VPN's true speed, where a smaller percentage of speed reduction means a faster overall connection.
- Number of Servers: The number of servers available to use. A higher number of servers decreases the chance of the VPN's speed decreasing during heavier traffic times. You can see real-world evidence of this in the Speed Reduction test above — the two VPNs with the most servers had the lowest reduction in speed.
- Number of Countries: The number of countries where servers are available. The more countries available, the more countries' geo-locked content you can access.
- Number of Simultaneous Connections: The number of active VPN connections which can occur at the same time.
- Internet Kill Switch: With this feature, your internet connection terminates if your VPN connection fails. Without this feature, if your VPN service disconnects, your real IP address will be exposed.
- Works with Netflix US: The VPN allows you to access US content on Netflix. Netflix blocks VPN connections from accessing its content. Therefore, VPN services have to hide VPN traffic so you remain secure while still viewing your favorite movie and TV show.
- P2P Supported: Whether the VPN lets you share files using a peer-to-peer network. While this is often not supported because of its usage in content piracy, P2P can also help share legal content. Because of the heavier traffic of file sharing, often VPN services will have specialty servers specifically for this usage.
- Live Chat: The ability to speak with an agent via live chat for immediate assistance.
- Money Back Guarantee: The length of time after you first sign up in which you can cancel for a full refund.
- Web Protection: Whether the VPN offers some protection against visiting malicious websites. Typically, this would involve blocking the page from loading and displaying a warning instead, where you could opt to proceed if you were sure the website was safe.
- IPv4 DNS Leak: Using ipleak.net, we checked to see if the the VPN leaks your real IPv4 address over DNS.
- WebRTC Leak: Using ipleak.net, we checked to see if the VPN leaks your real IPv4 or IPv6 address over WebRTC.
- Android VPN Protocols: The VPN protocols available to use on Android-powered devices. The best VPN protocols in regards to speed and security are OpenVPN and IKEv2/IPsec.
- iOS VPN Protocols: The VPN protocols available to use on iOS-powered devices. The best VPN protocols in regards to speed and security are OpenVPN and IKEv2/IPsec.
- Adjustable VPN Protocols: The ability to change the default VPN protocol within the app. While this often possible via third-party apps, only a handful let you change the protocol within the app. This way, you can choose a protocol that fits your current needs.
- Default Data Encryption: The default encryption used to protect your data. The standard (and current strongest encryption standard) is AES or Advanced Encryption Standard. The number next to AES represents the length of the key used to encrypt your data. The longer the key, the more secure the encryption is.
- Strongest Data Encryption: The most robust encryption available to protect your data. Each VPN offers AES-256 which is considered one of the strongest available. If you notice an app is showing a different value in this field than it was in the "Default Data Encryption" field, that means the app opted for a faster encryption standard by default, but it lets you upgrade the security of the encryption through its settings if you're fine with a slightly slower connection. However, all four of our finalists in this revision of the comparison used AES-256 by default already.
- Strongest Handshake Algorithm: The strongest algorithm used for conducting the handshake with the VPN. A handshake is the initial exchange of encryption keys between the VPN and your phone. These keys are unique for each VPN session. Similar to encryption, longer keys (represented by the number next to RSA) equals a stronger handshake, with the highest on our list being RSA-4096.
- Connection Logs: Fully encrypted VPNs mask all of your data in traffic, but a service could still collect data on other aspects of your internet usage. This row shows whether the VPN service logs data such as diagnostics and usage or metadata. Included in this is timestamps, which can be used to see when you started your VPN connection and when it ended.
- Traffic Logs: Whether the VPN service logs information regarding the contents of your browsing, such as your browsing history, purchases, or files downloaded. We consider this a big no-no for privacy and eliminated any options which logged this information.
- IP Address Logs: Whether the IP address logs your actual IP address. We consider this a big no-no for privacy and eliminate any options which log this information.
- Location: The location of the company in charge of the VPN servers. The location is important, as it dictates which country has jurisdiction in case logs of your activities are asked for by a government. This also comes into play when it comes to Five, Nine, and Fourteen Eyes countries (more on these below), as well as the local privacy laws of the country.
We only considered VPN services which had an actively supported app on both iOS and Android. While Android's open nature and policies do give developers the ability to add more control, the basic functionality of a VPN is the same, and we felt it unnecessary to separate either operating system.
The biggest factor in narrowing down the field was cost. We avoided all free VPN services, as these are often a front for data collection. Managing a VPN service can be expensive, especially when providing top-tier protection and security. Free VPNs tend to not provide this, so we believed it was best to avoid them.
Because of our focus on privacy, we only selected VPNs which explicitly have a no-logs policy. This includes no logging of IP address or traffic. Because we are promoting VPN services for privacy, being able to trust the service to not compromise your data is essential.
Almost as significant as a no-logs policy is whether the service leaks your real IP address. While most VPN apps have some provisions in place to protect against leaking, not all of them work, so we verified each one ourselves. Without this protection, a VPN is somewhat useless, as one of the main ways it can protect you is by masking your real IP address.
We also focused on service whose parent company is outside intelligence sharing alliances such as Five Eyes, Nine Eyes, and Fourteen Eyes. Five Eyes is an alliance between the US, UK, Canada, Australia, and New Zealand. Nine Eyes expands this alliance to include Denmark, France, Holland, and Norway, while Fourteen Eyes adds Germany, Belgium, Italy, Sweden, and Spain. These alliances allow each country to work together to collect and share mass surveillance data. With some governments attempting to undermine encryption, the future of VPNs based in these countries could be questionable.
Finally, we required that your data be encrypted with the latest encryption standard. At the time of this writing, that's Advanced Encryption Standard or AES, which is considered the strongest encryption standard available to VPNs. While it will be cracked eventually (like standards before it), currently it hasn't been, and it provides the best available protection between you and the VPN server.
VPN usage comes with some disadvantages, namely, the additional cost and the slower speed. CyberGhost mitigates these problems by offering one of the lowest prices on the market and some of the fastest speeds. With its fantastic money back guarantee, you can try out the service for 45 days, giving you time before making a long term commitment.
Because of encryption and the requirement for traffic to travel through another barrier (the VPN servers), oftentimes, VPNs heavily reduce internet speed. We are talking as high as 50% reduction, depending on the traffic on the VPN servers.
With CyberGhost, you get fast performance and consistent results. Not only did CyberGhost manage to top our list during the evening time, but on all three tests, the measured speed on both download and upload were only a few points slower than our connection without a VPN. This was much different than the results of its competition, which sometimes fluctuated 20 Mbps on various devices.
This consistency and performance are even more impressive, especially when considering that CyberGhost provides an unprecedented 7 simultaneous connections. This means you can enjoy a fast and secure connection on your phone, computer, and five other devices all at the same time.
There are differences between the iOS app and the Android app. For iOS users, the "Settings" option is limited to configuring auto-connect. For Android users, you can not only adjust auto-connect, but manage the connection. Explicitly, you can add ad-blocking capabilities, protection against malicious websites, data compression, and tracking protection if you choose to. You can also use a random port each time you connect to the VPN to protect against tracking.
It offers the largest amount of VPN protocols on Android, which are accessible via third-party apps. It uses the strongest handshake algorithm of RSA-4096. CyberGhost also doesn't log traffic, IP addresses, or even timestamps. It does make some connection logs which are mostly metadata.
One issue we ran into was using CyberGhost on a Galaxy S9 and S9+. If you try to download it on the Play Store, it will say your device is incompatible. However, CyberGhost has informed me this only applies to Galaxy S9 and S9+ devices running Android 8.0 Oreo. With the Android 9.0 Pie update, this is no longer an issue.
CyberGhost offers amazing bang for your buck. A 45-day money back guarantee, seven simultaneous connections, and among the fastest download and upload speeds are just some of the advantages CyberGhost offers. Oh, and that's all for a price $20 lower than next app on our list. It is for these reasons and more that it is our top choice for the best VPN service for mobile users.
ExpressVPN offers simplicity. If you're looking for menu options to tinker with, look elsewhere. Instead, ExpressVPN makes it easy to jump right into a connection with one touch of a button. This simplicity might not be for everyone, but combined with its strong automatic protection, ExpressVPN is an excellent choice for first time VPN users.
Compared to the other apps on our list, the differences between the two operating systems are minimal. Instead of providing Android with more options, ExpressVPN opted for uniformity, providing both nearly identical settings menus. The only configuration choice is the ability the adjust the VPN protocol. Surprisingly, iOS actually has more options, with the ability to use OpenVPN (either UDP or TCP exclusively) and choose from IPsec and IKEv2 protocols.
ExpressVPN offers strong protection via AES-256 data encryption and strong handshake algorithm. While it doesn't have the highest number of servers, it does have servers in the largest number of countries, ensuring that whatever country you want an IP address from you will find it.
The only glaring issue with ExpressVPN is the collection of connection logs. While these logs are limited to metadata (the least harmful), no logs should mean no logs.
ExpressVPN is ideal for first-time users and those not looking to make adjustments. While the desktop version does provide more options, for mobile, you won't find too many VPN apps similar to this one. The bareness should curb any intimidation a VPN might bring and encourage usage. However, for those looking for control, you can use OpenVPN (Android | iOS) to manage your connection instead of the official app, which gives you some additional control over your service.
NordVPN offers a lot for a VPN. It has the highest number of servers (by a long shot) on our list and has a strict no-log policy, including connection logs. It also has additional features that, while not necessary, do add value to the service. However, its price and inconsistent speed forced its lower ranking on our list.
NordVPN has a no-log policy which actually means no-logs. If ever law enforcement (or hackers) were to gain access to NordVPN servers, they would find almost nothing about you, as NordVPN keeps as little as possible on you in their records. Additionally, to help protect you from hackers, NordVPN uses the powerful AES-256 encryption to protect your data and an RSA-2048 handshake algorithm to exchange keys to initiate the connection. NordVPN also supports the two strongest VPN protocols for mobile, OpenVPN and the mobile-friendly IKEv2/IPsec.
NordVPN includes many tools to help you customize the experience. These tools include obfuscated servers which attempt to bypass countries' restrictions, allowing you to view the entire web which a country may block using a network firewall. For mobile users, this feature is exclusive to Android.
CyberSec is a feature provided by NordVPN which offers additional protection when browsing. This feature blocks dangerous websites, protects you against botnet control, and hides unwanted ads (although, for Android users, you need to download the APK from their website to access this feature, as Google Play policy prohibits ad blockers).
With one button, you can jump to the nearest server and dramatically improve your online protection. But if you want, you can take advantage of specialty servers such as their Double VPN, which has your connection go through two VPN servers for layered protection. There is even support for Onion, another service which masks your IP address.
As for the differences between the iOS app and the Android one, the Android app has a bit more options. The iOS settings menu only has an option for "Kill Switch" and "CyberSec." Android lets you configure whether you want to use TCP only, use obfuscated servers, and manage the auto-connect feature (including the ability to automatically use the VPN when using Wi-Fi or cellular data). Additionally, Android gives users access to "Double VPN," "P2P", and "Dedicated IP" specialty servers, while iOS is limited to "Onion Over VPN" and "P2P."
NordVPN's biggest problem is its inconsistent performance. While testing, one device read 80 Mbps while a second read 40 Mbps. This stark change not only hurt its average speed but hurt the overall performance. When you combine that with its high price, it's hard to recommend it over the other two apps on this list. However, if privacy is your top priority and you don't mind the performance, you can commit for two or three years for better savings, making NordVPN a great choice thanks to additional features, specialty servers, and a strict no-log policy.
Depending on which mobile operating system you use, VyprVPN is either painfully simple or surprising fleshed out. While this stark difference is due to how each operating system handles VPN connections, it does provide a somewhat inconsistent experience. That being said, depending on the platform, VyprVPN offers more control via their app than any other app on our list, making it a great choice for those who feel comfortable adjusting their connection.
VyprVPN created their own VPN protocol. Because VPNs are often used to bypass restrictive networks, some ISPs and organizations use deep packet inspection (DPI) to detect when a VPN is used. Once discovered, it will block or throttle your traffic, preventing you access. This led Golden Frog (the company behind VyprVPN) to creating Chameleon.
Chameleon is a VPN protocol which scrambles the metadata of OpenVPN packets to circumvent DPI. This way, you get security, reliability, and the speed of OpenVPN protocols while avoiding any of the network restrictions imposed by your ISP, government, or corporation.
Chameleon is exclusive to Android on the mobile platform due to iOS's VPN restrictions. Chameleon also requires the VyprVPN premium service, which starts at $80 a year or $12.95 a month. The premium service also gives you access to two additional simultaneous connections (for a grand total of 5 connections) and VyprVPN Cloud, a server deployment solution which adds extra protection when using public and private cloud servers. However, if you don't want these benefits, you can save $20 on the annual subscription or $3 on the monthly subscription and use the regular plan.
On Android, VyprVPN gives users a large amount of control over their VPN service. You can change the VPN protocol within the app, choosing between OpenVPN-160, OpenVPN-256 (the default), or Chameleon-256 protocols. OpenVPN-160 gives a bit less security for a faster connection while Chameleon-256 helps to avoid throttling or restrictions. Each protocols' ports can also be configured. VyprVPN let you use either their DNS server or a third-party option, all within the app. Unfortunately, like many of these additional features, this is once again exclusive to Android.
Probably one of the best features of VyprVPN is the ability to configure the VPN connection per app. For each app downloaded on your Android phone, you can choose to either force all traffic through the VPN when on or bypass it during an active connection. This is helpful when you don't need a VPN for some connections or services are hindered when on an active connection (such as video services).
Similar to NordVPN, VyprVPN offers protection against malicious sites on Android. When enabled, during an active connection, any websites found on their list will be blocked and fail to load. A quick warning is that this feature doesn't work on Samsung Galaxy S3 devices and isn't available on iOS.
Unfortunately, iOS users don't have access to any of the features previously mentioned. Only the ability to automatically connect to a VPN when using an untrusted Wi-Fi and "Automatic Reconnect," where the app will automatically try to reconnect to the VPN if it dropped.
Golden Frog is incorporated in Switzerland. Not only is it outside the Five, Nine, or Fourteen Eyes, but Switzerland has some of the best data protection and privacy laws in the world. Additionally, as of November 2018, they are a no-log VPN service and even submitted to a publicly verified independent audit via Leviathan Security, which you can view here (PDF warning). VyprVPN doesn't log timestamps, your traffic, your IP address, or even your metadata.
VyprVPN is an excellent option for mobile users. For iOS users, you get simplicity. With the touch of a button, you can connect to a secure VPN and not have to worry about settings or options. However, for Android users, you get the control of per-app management, protection against malicious apps, the ability to manage VPN protocols, and the option to adjust the DNS servers, among other features. Either way, this is a great choice for those looking for additional protection on the web.
This article was produced during Gadget Hacks' special coverage on smartphone privacy and security. Check out the whole Privacy and Security series.