Home / Technology / TorVPN Android Audit: Security Solid, Minor Bugs Remain
TorVPN Android Audit: Security Solid, Minor Bugs Remain
17 Apr
Summary
- TorVPN for Android underwent a penetration test in June 2025.
- The audit found no fundamental flaws in traffic routing or tunnels.
- Developers are fixing minor DNS and input validation vulnerabilities.
A recent security audit of TorVPN for Android has confirmed the app's strong foundation for user anonymity. Performed in June 2025 by cybersecurity firm Cure53, the penetration test rigorously examined the application and its Onionmasq networking layer. The findings indicate that TorVPN successfully maintains its core security requirements, ensuring secure traffic routing and tunnel establishment to the decentralized Tor network.
While the core privacy features were validated as robust, the audit did identify several low-level vulnerabilities. These primarily involve issues with input validation and DNS handling, which, in rare instances, could lead to denial-of-service conditions. Developers are actively working to patch these minor bugs. Additionally, suggestions were made for cryptographic hardening, including certificate pinning and improving randomness, alongside typical mobile security considerations like plaintext configuration storage and root detection. The Tor Project is addressing all audit findings to enhance the final release of this privacy-focused mobile tool.
