BRITISH VIRGIN ISLANDS; November 13, 2022—Leading consumer privacy and security company ExpressVPN has verified the security of its mobile apps through two new external audits by respected cybersecurity firm, Cure53. The audits provide unbiased verification of ExpressVPN’s security safeguards, and are paramount in elevating the company’s industry-leading security posture.
Cure53 conducted in-depth investigations on ExpressVPN’s Android and iOS mobile apps through white-box penetration tests and source code audits. The audits also included examinations of ExpressVPN Keys, a password manager integrated in our mobile apps, as well as our VPN protocol integration and dependencies. The assessments confirm that the apps can withstand attacks by malicious users and third-party applications.
On top of our internal testing, Cure53 also gave a highly positive assessment of ExpressVPN Keys, as integrated into our iOS and Android apps. No vulnerabilities were identified in both apps. The audits revealed only two informational issues on Android, and one informational issue on iOS. Keys is designed to protect users’ login details with zero-knowledge encryption, and is one component of giving users a secure online experience.
ExpressVPN’s internal security team has since addressed all feedback highlighted in the audit reports. The majority of issues have been fixed. Those that were not modified were because of the fixes’ potential impacts on app usability and functionality, which Cure53 agreed with.
The audits of our two mobile apps is a testament to ExpressVPN’s strong security foundation, and clearly demonstrates the company’s dedication to ensuring that their millions of users worldwide are interacting with products carefully designed with security at its core.
“We recognize the growing global need for digital privacy and security protections, which is why I’m delighted to share that both of ExpressVPN’s mobile apps have now been audited by Cure53’s independent security experts. This announcement is even more significant as it comes just weeks after complete audits of our three desktop apps, as well as KPMG’s audit of our no-logs policy,” said Brian Schirmacher, penetration testing manager at ExpressVPN. “Audits by esteemed cybersecurity firms such as Cure53 are one of our many trust and transparency initiatives. We want to continue setting the bar high for the industry.”
The full blog article can be read online via: https://www.expressvpn.com/blog/cure53-ios-android-audit/
Since 2009, ExpressVPN has empowered millions of users to take control of their internet experience. The company’s award-winning consumer VPN service is backed by its open-source VPN protocol Lightway, delivering user privacy in just a few clicks. ExpressVPN’s Keys password manager and Aircove router make digital privacy and security easy and accessible for all. ExpressVPN’s products have been extensively vetted by third-party experts, including PwC, Cure53, KPMG and others.
ExpressVPN has been part of Kape Technologies (LSE:KAPE) since 2021. To learn more about ExpressVPN’s industry-leading privacy and security solutions, visit www.expressvpn.com.