AVG Secure VPN, a product of AVG Technologies, promises to safeguard your online privacy. However, it’s important to consider the company’s history and its affiliation with Avast Software, both of which have faced controversies around user data collection and resale. In late 2019 and early 2020, both AVG and Avast came under scrutiny for collecting user data through browser extensions and antivirus software, potentially compromising user privacy. Avast even faced a preliminary investigation by the Czech Office for Personal Data Protection.
Given this background, users may have valid reservations about using AVG Secure VPN. While the parent and affiliated companies have taken steps to address past mistakes, these incidents raise questions about their commitment to user privacy. As the realm of online security demands uncompromising standards, potential users should weigh the benefits of AVG Secure VPN against these significant privacy and trust concerns.
App Telemetry Data
In the realm of cybersecurity, AVG Security VPN carries a brand name that has been synonymous with antivirus and security solutions. Yet, when scrutinized through the exacting lens of privacy, some concerns come to light. The app establishes connections to various domains that are generally involved in analytics and tracking, such as
firebaselogging-pa-googleapis.com, and multiple subdomains linked to
appsflyer.com. Additionally, the presence of a connection to
graph.facebook.com raises the specter of potential user tracking, aligning AVG more with data analytics than with the minimalist, privacy-focused ideal.
Further deepening the enigma, AVG Security VPN also connects to multiple subdomains related to its own parent company, Avast. Domains like
analytics.ff.avast.com indicate an intricate web of data interactions beyond the simple purpose of a VPN. While this complexity doesn’t inherently mean a compromise of user privacy, it does pose questions about the necessity of such elaborate data networks in an application that, at its core, should prioritize user privacy. Based on these observations, AVG Security VPN finds itself positioned at a “D” on our privacy grading scale, challenging us to reconsider how we define ‘security’ in the age of data analytics.
Data Collection and Processing:
- Limited Logging: AVG states that they do not log originating IP addresses, DNS queries, browsing history, or transferred data such as emails and pictures. While this is a positive aspect from a privacy standpoint, it’s essential to consider how it aligns with other data they do collect.
- Service Data: AVG collects timestamps of connections and the amount of data transmitted. This is stored for 35 days and is used for network management and troubleshooting.
- Client Data: Data related to connection events, application events, and crash reports are collected and stored for 2 years. This can include your email and app version, which could potentially be used for identification.
- Account Creation: Email addresses and activation codes are stored for the lifetime of the product plus 2 years. This prolonged retention period could be a concern for some users.
Third-Party Analytics Tools:
- Google Firebase Analytics, Google Fabric Crashlytics, AppsFlyer Analytics, and App Center: AVG uses these third-party analytics tools to understand application performance and user interaction. While AVG claims to use anonymizing identifiers, it’s crucial to be aware that data handling by third parties is subject to their own privacy policies.
- Opt-Out Options: AVG offers opt-out options for Google Firebase Analytics and AppsFlyer Analytics. While this is a positive aspect, users need to be proactive in changing these settings.
Contradictions and Ambiguities:
- Data Minimization Claim: AVG states that they try to minimize the collection of any data and aggregate or delete it as soon as possible. However, they store service data from VPN clients for 2 years and account data for the lifetime of the product plus 2 years, which could be seen as contradictory.
- Personal Data Use: The policy mentions that personal data is any information that relates to an identified or identifiable natural person but doesn’t explicitly state what categories of data they consider to be ‘personal.’
- Billing and Payment: AVG relies on external payment providers but does not elaborate on how these providers handle or store your financial data.