Free public Wi-Fi isn’t always available. Moreover, the dangers of public Wi-Fi make it not worth using without VPN protection – especially during these uncertain times. Still, the thought of using VPN on mobile data leaves people with many questions:
- Does it even work?
- Is it safe?
- Will it affect my mobile data plan?
- If it does, how can I make my VPN use less data?
You can find the answer to all these questions (and more) in the lines below.
- Do VPNs Work on Mobile Data?
- Using VPN on Mobile Data: Safe or Not?
- Are Mobile VPNs Data Hogs?
- Which VPN Protocols Use the Least Data?
- Can a VPN Help Me Get Around Data Caps?
- What Are the Best VPNs for Mobile?
- Other Security Dangers of Smartphones
- Using VPN on Mobile Data – The Bottom Line
Do VPNs Work on Mobile Data?
Yes, they work just fine.
Once you’ve connected to a VPN server through your provider’s mobile app, your network traffic will be encrypted – preventing your mobile carrier or other third parties from spying on your online activity. The only thing you need to ensure is that the VPN app is compatible with your device.
Older Android models tend to be excluded due to security reasons, though you can still find VPN providers willing to support them. Meanwhile, Apple is known to phase out support for older devices quite rapidly, so it’s even less likely for a VPN to still work on them.
You can find a brief list of great VPNs for Android and iOS later on in this article. Both lists link to a more in-depth look at each VPN, including whether they’re compatible with your device – so stick around.
Using VPN on Mobile Data: Safe or Not?
Fortunately, using VPN on mobile data provides the same level of security as using it on Wi-Fi or a wired connection. Your data will be encrypted through every step of the way to the VPN server. It will then be decrypted so the website or online service can receive it in a readable format.
Your device > mobile tower > ISP server > VPN server > Internet service
However, if you care about your privacy and security, you need to be careful about your choice of VPN. Ideally, you should use a “no-logs” VPN to avoid data logging by your provider, which is especially dangerous if you live in an area with frequent human rights violations.
We’ve also covered the dangers of free VPNs as well, but just to recap the main points:
- About 38% of Android VPNs were found containing malware
- Most free VPNs sell your data to third parties
- Advertising-based VPNs will inject intrusive ads into your browser, some containing tracking cookies that basically nullify any privacy benefits
- Customer support is non-existent, or poor at best
That’s not to say there aren’t some great free VPNs out there that don’t pose such a security risk. Just keep in mind that they come with many limitations, such as slow speeds, data caps, and a small number of servers.
Are Mobile VPNs Data Hogs?
When a VPN encrypts your traffic, a small amount of data called “encryption overhead” is added to whatever is transmitted over the network. This overhead can be anywhere between 5% and 15% of the total data transmitted. It all depends on the VPN encryption protocol used, as well as the strength of the encryption.
How does this affect your data plan? Well, the overhead is negligible in size, but it can quickly add up over time. If you have a limited data cap (and if your VPN client supports it), just switch to a weaker encryption protocol to save some valuable MBs.
Since your device uses fewer resources to encrypt your data, this will also speed up your connection. It also comes at the cost of less security, so keep that in mind if you’re concerned about that aspect.
Which VPN Protocols Use the Least Data?
For the most part, the default configuration from your VPN provider should be optimal for mobile usage. Reaching your monthly data cap too soon for your liking? Then you can always change the encryption protocol to a weaker, less data-intensive one – provided your VPN supports multiple protocols.
Here are some of the more commonly used protocols nowadays, sorted by how much data they use (least to most):
- PPTP – 128-bit MPPE – Poor security; the creators themselves (Microsoft) have recommended avoiding this protocol
- L2TP/IPSec – 128-bit AES – Better security than PPTP, but much slower than it (and arguably OpenVPN)
- IKEv2/IPSec – 128-bit AES – IKEv2 allows you to switch between mobile data and Wi-Fi without dropping your connection. Useful in not interrupting any data streaming
- OpenVPN – 128-bit AES – Offers much better security, while still keeping mobile data usage low
- Obfuscated OpenVPN – 128-bit AES – Data usage is a bit higher than the above, but VPN obfuscation could help you bypass VPN filters (e.g. in public places, at work, school, or those found on streaming platforms like Netflix)
- L2TP/IPSec – 256-bit AES
- IKEv2/IPSec – 256-bit AES
- OpenVPN – 256-bit AES
- SSTP – SSL 3.0 + 256-bit AES
- Obfuscated OpenVPN – 256-bit AES – Excellent security-wise, but uses the most data out of all options
As a general idea, 256-bit encryption is much stronger than its 128-bit counterpart, making it great for security. However, it also adds more overhead to your data, and further slows down your connection.
Can a VPN Help Me Get Around Data Caps?
Your data still needs to pass through your ISP before reaching the VPN servers. While it is encrypted and they have no idea what it consists of, your ISP can still measure how much data you’ve used up. Otherwise, everybody would be using VPN on mobile data for basically free, unlimited Internet.
Still, a VPN can help you get around a practice known as bandwidth throttling – whereby your ISP slows down your connection if they notice you’ve used a lot of data on particular services (like YouTube, for example).
Basically, your ISP can’t see what you use your mobile data for, so they can’t throttle your bandwidth on that basis. Obviously, if you haven’t gone past your data cap, then they can’t throttle your entire connection without risking a hefty lawsuit.
What Are the Best VPNs for Mobile?
If you’re stuck using a VPN on mobile data because free Wi-Fi is scarce in your area, then you should at least get the best one for the job. Here are our top recommendations for Android and iOS.
Best Android VPNs
We’ve already discussed the best VPNs for Android in great detail, but here are the essentials if you’re short on time:
- ExpressVPN – A consistent list-topper with many reviewers. Fairly expensive compared to the competition, but well worth the price thanks to the sheer amount of features.
- NordVPN – The other major competitor for the top VPN spot. Still on the expensive side, but just as feature-rich. Has a CyberSec feature that prevents your device from accessing most known malware websites.
- CyberGhost – Not as popular as Express or Nord, but not far behind in terms of quality. It’s great for those of you with older Android phones (4.1+), as the devs continue to support those devices.
- Surfshark – Great download speeds due to light resource usage. Plenty of servers to choose from, as well as an easy-to-use Whitelist feature that lets you choose which apps connect to the VPN and vice-versa.
- Ivacy – Includes dedicated VPN servers for streaming platforms like Netflix. Unfortunately, it does not support IKEv2, meaning your connection will drop momentarily while you switch from mobile data to Wi-Fi. This could be a security concern for some, but the app still holds its own among the top VPNs.
- VyprVPN – Publicly audited by experts in the field, guaranteeing the best security while still being a good option for casual users.
Best VPNs for iOS
As always, you can check out the best VPNs for iPhone and iPad in more depth, or stick to the bullet points right here. Most of our top VPNs support both Android and iOS, so the only new contender is IVPN:
- IVPN – Great choice for security buffs, since it is open-sourced (anyone with coding knowledge can audit it), and hosts its own DNS servers. It also has a strong, firewall-based VPN kill-switch. Since they aren’t as big as our other options, the downside is they have fewer servers to choose from.
We should mention that no iOS VPN apps support split-tunneling at the moment (e.g. Surfshark’s Whitelist). Unfortunately, this means you won’t be able to choose which traffic goes through your VPN. It’s a shame since it could have saved you some data and increased network speeds for “safe” apps that don’t really require a VPN connection.
Other Security Dangers of Smartphones
Using a VPN on mobile data may be great for security, but smartphones can be extremely unreliable on that end. Here are the top five security concerns you need to deal with, even with a VPN.
You’ve probably seen those irritating cookie pop-ups more often in the past few years. These small bits of text are downloaded to your device whenever you access a new website. While they can be convenient (e.g. keeping you logged in to online services across browsing sessions), they are just as dangerous for your privacy.
If you don’t mind sacrificing some convenience to maintain your privacy, then here’s how to clear cookies on most browsers (desktop + mobile).
2. Web Beacons
Typically used in conjunction with cookies, and gather just as much (if not more) data about you. Beacons can take the form of 1×1 pixel GIF files that are embedded in your emails or websites you visit. This is also why they are sometimes called tracking pixels. Moreover, they are invisible to the user – so unless you read about them somewhere you can go your whole life without know they exist.
The solution against web beacons and most forms of online ad tracking is to use a powerful ad-blocker like uBlock Origin (only works on Firefox for Android, unfortunately). A good alternative that also works on iOS is AdGuard.
As for email beacons, you may need to switch providers to one that blocks embedded images by default, and asks your permission before loading them. Gmail does something similar by first downloading any embedded image to their servers – including tracking GIFs. Of course, Gmail is owned by Google, so it’s really just trading one advertiser for the biggest of them all.
You can read more about beacons and other dangers to your VPN security, by clicking here. There’s also a useful guide to enhance the anti-tracking capabilities of uBlock Origin, using community-driven filters.
3. Location Data
Smartphone apps infamously request access permission to data they shouldn’t need in the first place. Why would some random video game need access to your phone contacts or location data? The New York Times has a great piece showing just how creepy it can get when you don’t pay attention to what apps can access your location.
Given that a VPN is meant to hide your real location by masking your IP address, this is a serious threat to your privacy. Make sure to turn off location data on your phone when using a VPN:
- Here is a guide to stop location tracking on Android phones
- Here is one for iOS devices, provided by Apple themselves
4. Local System Time
This one is fairly straightforward. Websites and online services can detect your actual location by reading the system time on your phone or tablet. Well, it’s more of an approximation based on timezone, but you get the point. If your timezone and that of your VPN server aren’t in sync, your VPN usage will be exposed.
Luckily, this is a quick fix: just set your phone’s time to the appropriate timezone.
5. Browser Fingerprinting
Ever logged in to a service on a different device? Then you’ve probably received an email notification that a new device has logged in to your account. Here’s an example: a Gmail security notification.
This screenshot is from a desktop PC, but similar information is displayed for mobile devices. As you can see, the notification contains a lot of identifying info, all gathered from the browser used to log in:
- The operating system (Windows)
- Browser used (Firefox)
- Local time and date
- Location (near Cluj-Napoca, Romania)
- IP address in this format x.x.x.x – here’s an example: 220.127.116.11. This format is used by IPv4 addresses. Your device can also show an IPv6 address, which looks similar to this: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Of course, browser fingerprinting can reveal much, much more about your device. Just use this tool by the Electronic Frontier Foundation (EFF) and see for yourself. This info can be used to narrow down your identity to a few thousand devices that share your device’s digital fingerprint (about 286,777 according to the EFF).
Unfortunately, browser fingerprinting is much more difficult to avoid – even security experts consider it kind of a headache. Fortunately, it’s not much of a problem for the average user that isn’t targeted by international spy agencies or oppressive governments.
If you’re still worried, learn how to minimize its threat to your privacy with this useful browser fingerprinting guide.
Using VPN on Mobile Data – The Bottom Line
As you can see, it’s a pretty good idea to use a VPN on your mobile network:
- Benefit from the same level of security as VPNs on Wi-Fi or wired connections.
- Bypass bandwidth throttling from your mobile provider.
- Unlock your favorite websites just as you would on other networks.
The only things to watch out for are the following:
- Increased data usage – mitigated somewhat by switching to weaker encryption on VPN clients that support it.
- Choosing the right provider – avoid most free VPN providers and those that log your data.
- Strengthen your VPN privacy and security using the tips above.
And there you have it. Let us know if you have any other questions on the subject in the comments below.