Skip to main content

Here’s how one popular VPN company keeps its apps free from malicious modifications

(Image credit: Shutterstock / 0beron)

ExpressVPN has revealed it has enlisted the help of PwC Switzerland to ensure its service's verification system actually works as it should.

The aim of this system is to sharply reduce the risk of an infected machine or unwitting employee inadvertently distributing malware payloads. That means mitigating the risk of having malicious code inserted into ExpressVPN apps, which in turn could be used to eavesdrop or for other nefarious activities.

PwC Switzerland acted as an external, independent auditor and was tasked with checking every step of the process.

End-to-end verification

As ExpressVPN explains, the auditors vetted the system by accessing the source code, servers, documentation and user information back in May. It is important to note that this type of assessment produces a snapshot of the system's performance and that circumstances evolve, which is why these checks are performed regularly. 

The full report is available to ExpressVPN customers for free and goes into detail with regards to the processes involved in the rigorous audit.

The privacy company - which sits atop our best VPN guide - introduced a number of features that aim to improve performance and security for their clients; it launched RAM-only VPN servers and unveiled a new protocol called Lightway.

Last year, it was audited twice (by PwC and Cure53) and also teamed up with HP and Dynabook to provide bundled VPN software for the firms' business laptops.

Desire Athow

Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology in a career spanning four decades. Following an eight-year stint at ITProPortal.com where he discovered the joys of global techfests, Désiré now heads up TechRadar Pro. He has an affinity for anything hardware and staunchly refuses to stop writing reviews of obscure products or cover niche B2B software-as-a-service providers.