With 100 million installations, SuperVPN is very popular, but it also has critical vulnerabilities that make it very dangerous
As reported by TechRadar, VPNPro reached out to Google through the Google Play Security Reward Program on March 19, and that was when the company validated the vulnerability.
The Google Play Store has removed SuperVPN from the platform, and if you have it on your Android phone, you should delete it right now as well.
According to VPNPro, SuperVPN (a free VPN client) is an “amazingly dangerous” app, and it has critical vulnerabilities that allow for man-in-the-middle attacks. What are man-in-the-middle attacks? These vulnerabilities allow hackers to easily intercept communications and redirect users to the hackers’ servers instead of the servers they are meant to reach.
Both Google and VPNPro tried to reach the developers behind SuperVPN – SuperSoftTech – to patch the issue but were unable to get to them. Google then removed the SuperVPN app from the Play Store on April 7.
To understand exactly HOW popular SuperVPN is, let’s put it this way – the app has about the same number of downloads as the dating app Tinder.
Why is SuperVPN so dangerous?
SuperVPN has a lot of issues. For starters, on one of the multiple SuperVPN hosts, the package or payload of data being sent from the app “contained the key needed to decrypt the information,” which allowed VPNPro to replace SuperVPN server data with its own server data.
Another issue was that some of the data being sent was channelled through unsecured HTTP, which is unencrypted. Basically, anyone who wants to can read all your communications.
According to reports, SuperVPN had been named the third-most malware-rigged app in 2016 in an Australian research article, but the VPN continued to grow popular. This was accomplished via black hat SEO tricks like “generating a large amount of fake reviews”.
There is a SuperVPN app listed in the Apple App Store that’s available right now that has “cheng cheng” listed as its developer. But it’s not clear whether it has the same vulnerabilities as the Android version. Regardless, we suggest you don’t download this either.