
Windscribe, a Canada-based VPN provider known for its no-logs policy and open-source infrastructure, has accused JET VPN of illegally hijacking its server network to power a free Android app.
The company says JET VPN did so without consent, and has called them out for piggybacking off its servers in what it describes as a shameless attempt to ride the free VPN wave. They have been blocked to prevent further abuse.
According to Windscribe, the app rerouted its user traffic through Windscribe’s infrastructure to deliver VPN functionality without building or maintaining its own network. The access has since blocked JET VPN’s access to prevent further abuse.
Highlighting their concern about the incident, a Windscribe post on X formerly Twitter read, “No one’s heard of them but they came out of nowhere into the top 10 Free Apps in the Play Store.”
Rerouting through Windscribe’s infrastructure would have likely allowed JET VPN to provide working VPN connections without running its own servers.
In follow-up posts on X, Windscribe shared a screenshot showing JET VPN’s surge into the top 10 Free Apps on the Google Play Store that raises suspicion.
In consecutive messages on X, the official account of Windscribe shared, “Well, we banned your access to our service, so enjoy your broken app you slimey [expletive].”
Windscribe pointed out that JET VPN’s package name, ‘com.xmmobilelab.coffeephoto,’ suggests the app was originally a photo frame tool repurposed into a VPN.
Another X post read, “Imagine getting a picture frame app, updating it one day, and suddenly it's a VPN app that can do god knows what with your connection.”
Windscribe also called on Google to address the issue, tagging @GooglePlay and writing, ”Where's the quality control? And how are you letting so many botted ratings get through?”
Based on the posts on X, it appears that it is not an isolated case experienced by Windscribe.
The posts that got a huge response from social media users pointed to another app, Hizen, as a similar case involving fake reviews and hidden infrastructure.
Windscribe, in its response to users on X about how JET VPN was able to exploit its infrastructure, acknowledged the technical challenges of fully blocking such misuse without degrading user experience.
“It's not that simple, do you wanna do a captcha every time you connect to the VPN? Probably not. But we are adding some more mitigations to protect against this sort of thing,” the company explained on X.
Windscribe noted that the activity linked to JET VPN had only been occurring for a few days, suggesting the abuse was recent and quickly acted upon. The company also confirmed that additional safeguards are in development to prevent similar exploits without adding friction for legitimate users.
Free VPNs often cut corners, sometimes routing traffic through third-party services without disclosure. It raises concerns about users unknowingly relying on infrastructure not operated by the app itself, a practice that can introduce service instability and erode trust.
This incident also underscores a growing concern in the VPN space where lesser-known apps exploit trusted infrastructure to deliver “free” services, often without proper safeguards or user knowledge.
The JET VPN app on Google Play has been developed under the name MetalGroup. It promotes itself as a fast, secure VPN for streaming and browsing, boasting over 1 million downloads and a 4.6-star rating.
While the full impact of JET VPN’s alleged misuse remains unclear, users should proceed with caution. VPN apps that operate without transparency or known infrastructure partners may pose risks ranging from connection instability to poor data handling practices.
TechNadu has reached out to Windscribe for comment. This article will be updated if new information emerges.