VPN app threatens 100 million: Delete it right now

(Image credit: Shutterstock)

A VPN with more than 100 million installs has been removed from the Google Play Store. And if you have it on your Android phone, you should delete it right now.

According to VPNPro, SuperVPN, a free VPN client, is "an amazingly unsafe" app. The problem? It has disquisitional vulnerabilities that allow for human being-in-the-middle attacks. And that means that hackers can easily intercept communications and redirect users to a hacker'due south server instead of the existent thing.

The all-time VPNs you can trust
Best Android antivirus apps
Latest: WhatsApp just got a huge upgrade

As reported past TechRadar, VPNPro had reached out to Google every bit part of its Google Play Security Reward Program on March 19, and at that time the company had validated the vulnerability.

Unfortunately, neither Google nor VPNPro was able to accomplish the developer, SuperSoftTech, in society to patch the effect. Google then removed the SuperVPN altogether on Apr 7 from the Google Play Store.

To put the popularity of SuperVPN in perspective, it has about the same number of installs as Tinder.

Why SuperVPN is so dangerous

The analysis of the SuperVPN app constitute multiple troubling issues. For instance, on 1 of the multiple SuperVPN hosts, the packet or payload of information being sent from the app "contained the key needed to decrypt the information."

This vulnerability allowed VPNPro to supercede the SuperVPN server data with its own server data. Another big no-no is that some data was being sent via unsecured HTTP, which is unencrypted. That ways anyone sniffing can read your communications.

Apparently, SuperVPN had already been named the third-near malware-rigged app in 2016 in an Australian research article, but the app connected to grow in popularity. This was accomplished via such blackout SEO tricks as generating a large corporeality of faux reviews.

There is a SuperVPN app listed in the Apple App Store that'due south nonetheless available as of this writing that has "cheng cheng" listed as its developer. But it's not clear whether it has the same vulnerabilities as the Android version. Regardless, nosotros would be wary of downloading information technology.

Mark Spoonauer is the global editor in main of Tom'south Guide and has covered engineering science for nearly 20 years. In addition to overseeing the direction of Tom'southward Guide, Mark specializes in roofing all things mobile, having reviewed dozens of smartphones and other gadgets. He has spoken at key industry events and appears regularly on TV to discuss the latest trends. Mark was previously editor in principal of Laptop Mag, and his work has appeared in Wired, Popular Scientific discipline and Inc. Follow him on Twitter at @mspoonauer.