- All Android users can now verify if their mullvad VPN application is legitimate
- From version 2025.2, Mullvad has caused the compilations of the Android application to be reproducible in an attempt to improve user safety
- Reproducible constructions are a guarantee that the application that installs has not been manipulated by malicious actors
Update: On May 9, 2025, we update this story to include comments we receive from Mullvad after the publication.
All Android users can now verify if their Mullvad VPN application is legitimate before downloading and installing it on your device.
This is because, beginning with version 2025.2, Mullvad has made its Android VPN application reproducible.
The measure comes in an offer to provide users with a reliable and safe VPN application. Reproducible constructions are a guarantee that the application that installs has not been manipulated by malicious actors
Verify that its mullvad android application is composed, bit by bit
By definition, “a compilation is reproducible if, given the same source code, compilation environment and compilation instructions, any part can recreate identical copies bit a bit of all the specified artifacts.”
In a nutshell, the application code you see when you download the application must coincide with the source code published by the application developers. This guarantees that no modifications have occurred during the compilation process.
This comes when 2024 saw an increase in free and malicious VPN applications. Cybercriminals took advantage of more and more demand for virtual private network (VPN) tools to disseminate malware through false software that imitated legitimate services.
VPN -based attacks have also continued in 2025, with Google Warning of attackers that use legitimate VPN applications such as rear door to inject malware and obtain the remote control of infected devices.
“We believe that transparency is crucial for security software. Investing in reproducible constructions is a testimony of our commitment to provide a reliable and safe application,” Mullvad wrote, one of the best VPN suppliers in the market at this time, in its official announcement.
Starting with version 2025.2, our compilations of the Android application are reproducible. This means that you can verify that the application you download and install is built from the open source code that we publish. Read more here: https://t.co/gv1zh8no5oMay 9, 2025
As mentioned above, only the last VPN application of Mullvad’s Android comes with reproducible compilations at the time of writing. It is not yet clear if the company will extend this function in its other applications.
Talking to Techradar, a Mullvad developer welcomed the idea, but said the team still has no direct plans. “There is no reason for us not to do it, only that it has not been prioritized/evaluated for the other platforms,” added the Mullvad developer.
The company now urges all users technically inclined to verify mullvad compilations.
This will not only provide transparency to users, which is the main objective, but also “will allow us to verify that our own compilation environment is not compromised,” said Mullvad developer.
The verification process requires some IT skills, but the VPN company has gathered a set of instructions to help you do exactly that.
“To help ensure that we can produce reproducible compilations over time, we have added such initial checks to our continuous integration environment (IC),” Mullvad added.
You may also like
