The results of the latest independent audit carried out by ExpressVPN are in and it is good news for all customers that use their Windows app.
The test has passed the Windows App with flying colours with no significant vulnerabilities identified. Furthermore, it has confirmed the ExpressVPN security and privacy claims about their Windows app.
F-Secure’s independent audit
The audit of the ExpressVPN Windows software was carried out by F-Secure, an independent third-party cybersecurity company, between November and December 2021. It reviewed the app and carried out a comprehensive penetration test to confirm the apps’ privacy and security protections.
The tests conducted were intended to identify any security weaknesses in the coding that underpins the app with a particular focus on any issues that might result in the leaking of user information or IP Addresses.
The good news is that no vulnerabilities of this type were found. In fact, there were absolutely no critical vulnerabilities found. Neither were there any issues classified as high or even medium risk identified.
One vulnerability classified as low risk was found. This has now been fixed and F-Secure has confirmed as much in a follow-up test conducted last month.
The overall conclusions of the report are abundantly clear.
It states that “It was not possible to gain information about ExpressVPN’s clients or out of the network traffic. Nor was it possible to execute code remotely through attacks such as, but not limited to, Man-in-the-Middle (MitM), TLS downgrading, packet injection.”
As Aaron Engel, Head of Cybersecurity at ExpressVPN commented, “The report from F-Secure showcases the strength of our product and validates the high-quality work that ExpressVPN engineers and security experts have been doing.”
ExpressVPN’s audit record
Independent security audits are vitally important for VPNs to ensure credibility with their users.
Any VPN can claim to offer rock-solid security and privacy protections. But the reality is that most users don’t have the know-how to check up on this and confirm that their claims stack up.
That’s where independent audits conducted by reputable third-party organisations come in. They can do the checks that you can’t and reassure users old and new that your VPN does exactly what it says it does.
ExpressVPN has been one of the first VPNs to really embrace independent audits and this latest audit of their Windows app is just the latest in a long line of independent tests that they have carried out.
Previous audits have included one by PwC of Switzerland looking at ExpressVPN’s privacy policy compliance and their in-house technology, TrustedServer.
PwC Switzerland also conducted an assurance engagement on their build verification process while Cure53, an independent cyber security company has also examined their browser extensions and their new VPN protocol, Lightway.
ExpressVPN are not stopping with this latest audit either. They have confirmed that this year they will also be commissioning audits on all of their client apps, their core technology, and their entire privacy policy.
Back to Aaron Engel, ExpressVPN’s Head of Cybersecurity who noted that “This is the first of multiple audits to come in 2022, and we are committed to continuing to deliver independent reports on all of our client apps, core technology, privacy policy, and more.”
Audits and the importance of VPN transparency now and in the future
At the end of the year, ExpressVPN will be way out in front of all their main rivals in conducting these audits and will have boosted the trust of their users and the transparency of their service and products overall.
It is not just independent audits either. ExpressVPN also offers open-source leak testing tools and ensures that its security practices are transparent and open to the public.
They have also helped launch the VPN Trust Initiative, which aims to promote public awareness about internet safety overall as well as the specific roles that reliable VPNs like ExpressVPN can play.
ExpressVPN is really leading the way when it comes to transparency and independent audits of their service. They deserve enormous kudos for that and for showing other VPN providers the way.
We hope to see more VPN providers following their lead and expanding on their use of independent audits across their entire service in the months and years ahead.
For now, users who want to be sure that their VPN provider is providing the service they promise will know that in ExpressVPN, they have a premium, high-quality VPN that genuinely does do exactly what it says on the tin.
