Although the app passed its core security checks, a few minor vulnerabilities are being ironed out.
- Security firm Cure53 performed a penetration test on TorVPN for Android and its Onionmasq networking layer in June 2025.
- The assessment found no fundamental flaws in how the application routes traffic or establishes secure tunnels to the Tor network.
- Developers are currently patching low-level DNS and input validation bugs that could potentially lead to denial-of-service in rare scenarios.
For millions of users worldwide, the Tor network is the gold standard for staying anonymous online. Now, the developers behind the project are moving closer to launching a dedicated mobile application, and a new independent code audit suggests the technical foundations are rock solid.
In recent years, the privacy organization has been working to expand its mobile offerings, including the ongoing development of TorVPN. The ultimate goal is to make Tor-based protections much more accessible to everyday smartphone users while maintaining the strict security guarantees the network is famous for.
As part of this ongoing mission, the Tor Project recently commissioned renowned cybersecurity firm Cure53 to rigorously test TorVPN for Android.
According to a post on the official Tor Project Forum, the penetration testing took place in June 2025, evaluating both the Android application and its underlying networking layer, known as Onionmasq.
While the mobile app isn't ready to challenge the overall best VPN providers on the market just yet, the results are incredibly promising. Cure53 reported that the software successfully maintains its core security requirements, paving the way for a safer, more private mobile browsing experience.
Under the hood of TorVPN
Unlike traditional consumer VPN services that route your traffic through a centralized server, the TorVPN Android application routes a user's device traffic through the decentralized Tor network. This makes it significantly harder for internet service providers or malicious actors to track your digital footprint.
Because this level of anonymity requires flawless execution, Cure53's assessment looked closely at how TorVPN establishes its connections. The security firm also tested Onionmasq, a Rust-based tunnel interface that handles everything from low-level network traffic forwarding and TCP/UDP parsing to DNS resolution and routing traffic to the Tor network via the Arti implementation.
Thankfully, the major takeaways are highly positive. Writing on the official forum, a Tor Project representative confirmed: "The audit found that Tor's core integration remains robust, with no fundamental issues in tunnel establishment or routing."
Ironing out the final bugs
While the core privacy features are functioning securely, Cure53 did flag a handful of technical concerns that need to be patched before a wider rollout.
The majority of these vulnerabilities centered on "incomplete input validation and weaknesses in DNS handling." According to the forum post outlining the audit results, these specific flaws could theoretically be exploited to create "denial-of-service conditions in certain rare conditions," which would temporarily crash or disrupt the application.
Testers also suggested implementing better cryptographic hardening, specifically pointing out certificate pinning and randomness as areas for improvement. Additionally, the audit noted some typical mobile security quirks, including "plaintext configuration storage and lack of root detection."
If you're eager to try the app to secure your smartphone, the good news is that the Tor Project team is already on the case. The organization stated that all findings are currently being tracked and actively addressed as part of its ongoing security work. By using this audit to prioritize resource management, tighten validation, and implement established security libraries, the final version of TorVPN for Android is shaping up to be a powerful, privacy-first tool.
Rene Millman, Contributing Writer
Rene Millman is a seasoned technology journalist whose work has appeared in The Guardian, the Financial Times, Computer Weekly, and IT Pro. With over two decades of experience as a reporter and editor, he specializes in making complex topics like cybersecurity, VPNs, and enterprise software accessible and engaging.