Guest Post: Facebook’s Onavo Protect VPN Might Be Gathering Users’ Psychological Profiles

In the midst of growing concerns about Facebook’s stance regarding the privacy of its users, Facebook decided to release a free VPN service called Onavo VPN for all its users. The move has been massively criticized since the start, with critics pointing out Facebook’s long-standing tradition of privacy invasions.

Even the VPN app’s description states that all browsing data is actually collected by Facebook to improve its products and services, thus making the VPN obsolete.

According to Google Play, the Android version of Onavo Protect alone has already been installed between 10M and 50M times. The popularity of Onavo and of other free VPNs – such as HotSpot Shield – shows many users might not fully understand what they are getting themselves into.

After starting a minor investigation of Onavo VPN’s Android application, we noticed a few worrying details, which might prove that Facebook’s free VPN is doing much more than just collecting data for Facebook and Onavo service improvement.

After downloading the Onavo Android application APK file, we decompiled it and opened it with Android Studio. Soon, we noticed that Onavo uses HotKnot, which is mostly used to exchange data by touching two compatible devices together. However, by doing that, a user is also able to make a payment, and that information might be tracked. HotKnot is usually used by ARM processors in Chinese and Asian markets for collecting data and using it for market research:


Decompiled OnavoProtect APK code tree

We reported our findings to Facebook and were told that HotKnot was not being used with Onavo VPN. After we provided sufficient proof that the files are actually there, the response was more elaborate: “While we did not use them (the functions are empty as you can see when decompiling), they have been removed and will not be included in new versions of Protect.”
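One way to check a "present but empty" claim like this against decompiled output, as an added example that is not code from the original post or from Onavo: it assumes the APK has been disassembled to smali text, and the class names, method names and file paths in the sample are hypothetical and constructed. It lists every method that lives in, or calls into, a HotKnot-named class and marks whether its body is only a stub.

```python
import re

# Constructed smali (disassembler-style output); class and method names are hypothetical.
SAMPLE = {
    "smali/com/example/hotknot/HotKnotHelper.smali": """\
.class public Lcom/example/hotknot/HotKnotHelper;

.method public static isSupported()Z
    .locals 1
    const/4 v0, 0x0
    return v0
.end method

.method public send([B)V
    .locals 0
    return-void
.end method
""",
    "smali/com/example/net/Uploader.smali": """\
.class public Lcom/example/net/Uploader;

.method public push(Ljava/lang/String;)V
    .locals 1
    invoke-static {p1}, Lcom/example/hotknot/HotKnotHelper;->isSupported()Z
    move-result v0
    return-void
.end method
""",
}

METHOD = re.compile(r"^\.method\s+(.*?)\n(.*?)^\.end method", re.S | re.M)
TRIVIAL = re.compile(r"^(return|const|nop)")  # opcodes that only hand back a constant

def audit(files, keyword="hotknot"):
    """Return (path, method, is_stub, calls_keyword) for methods tied to the keyword."""
    findings = []
    for path, text in sorted(files.items()):
        for m in METHOD.finditer(text):
            signature, body = m.group(1).split()[-1], m.group(2)
            # Real instructions only: skip directives (.), labels (:), comments (#), blanks.
            ops = [l.strip() for l in body.splitlines()
                   if l.strip() and l.strip()[0] not in ".:#"]
            in_class = keyword in path.lower()
            calls = any(keyword in op.lower() for op in ops)
            if in_class or calls:
                stub = all(TRIVIAL.match(op) for op in ops)  # no-body methods count as stubs
                findings.append((path, signature, stub, calls))
    return findings
```

A row with `is_stub` False or `calls_keyword` True is the part worth reading by hand: empty helper methods can still be invoked from code elsewhere in the app.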

Considering that Facebook is inaccessible in China without a VPN and that the majority of Chinese citizens are using one, it is not surprising that Facebook decided to access this steadily growing market. Facebook is simply doing what it always does – collecting the maximum possible amount of data, which it can sell or use afterwards.

The use of HotKnot, in addition to the usual Facebook tracking features, would allow Facebook to know its users’ shopping habits and, by correlating the purchase information with geo-location, to gather much more in-depth information, such as psychological profiles and deeply personal preferences.

While Onavo might be helpful to some Facebook users who live in countries with oppressive governments and Internet censorship, others should steer away in order to protect their privacy.


VPNSpecial is one of the biggest global VPN review and comparison sites. Close to 100 professional VPN reviews are provided, with important highlights and speed tests. Users also favor the VPNSpecial Server Map tool, which depicts the physical location of the 10 biggest VPNs’ servers. Started in 2015, VPNSpecial has grown to a website helping half a million privacy enthusiasts select the best VPN service each month.



One Response to “Guest Post: Facebook’s Onavo Protect VPN Might Be Gathering Users’ Psychological Profiles”

  1. […] of how invasive Onavo is, actual VPN companies like NordVPN called them out on this and so has VPNSpecial. Thus it is kind of surprising that it took this long for Apple to give this app the boot. But it […]
