The assessment, which categorizes risk level on a scale of low to critical, included analysis of data, traffic and storage on both the client and server-side of the company’s service as well as the disconnection of user identities with data containing information about online user activity.
HMA first introduced its no-logging policy earlier this year and its successful third-party audit from VerSprite forms part of a broader initiative by the company to become a privacy champion for users worldwide.
Commercial director at HMA, Andrei Mochola explained why the company decided to carry out an independent audit of its service and infrastructure in a press release, saying:
VerSprite’s technical private independent audit covered HMA’s clients for Android, iOS, Mac and Windows and started from the installation process all the way through the entire data flow of the in-scope endpoint applications.
The firm applied a privacy-focused threat model to encompass manual assessment techniques aimed at identifying where privacy violation risks may be present within the VPN service’s clients. The objective of the independent audit was to identify, report and provide recommendations for any technical gaps related to HMA’s no-logging policy. This isn’t the first time that HMA has worked with VerSprite as the firm also conducted security penetration testing on its VPN service.
CEO of VerSprite Tony UcedaVélez provided further insight on how its security team searched for privacy violations in HMA’s VPN clients, saying:
“For years, VerSprite’s Research & Offensive Security teams have found numerous zero day vulnerabilities and risks in VPN software. HMA relied on our offensive security team’s talents to focus more on privacy violations that could be present via the VPN client software. We worked to help validate the assurances made from the no-logging policy and helped them understand the nature of the risks identified so that they could improve the product’s overall privacy level.”
- We’ve also highlighted the best VPN services