Google has removed the popular free VPN service, SuperVPN, from their Play Store after researchers discovered multiple vulnerabilities that could put millions of users at risk. These security flaws could allow hackers to intercept communications between the user and the provider and even redirect all traffic to malicious servers.
No such Thing as a Free Lunch
A Virtual Private Network, or VPN, creates a secure connection between the user and the internet. It sends all data traffic through an encrypted virtual tunnel, thus providing crucial benefits to users. Some users turn to VPNs to better secure their connections, others to, for example, stream American Netflix from anywhere in the world.
There are a lot of VPNs on the market for many different purposes. This can make it difficult to make the right choice. Speed, ease of use, the number and location of servers, price and additional features are all aspects users take or should take into consideration. As are security and privacy, of course.
Paid VPNs – or trial versions of paid services – are generally more secure. Some free versions do their job acceptably well. But unfortunately, many services that claim to be “free” secretly take something from the user in return. They might record the websites users visit, sell usage data, or push adware and malware installations instead of protecting users from them.
SuperVPN Leaves Gates Open to Attacks
Some of the vulnerabilities discovered in SuperVPN leave the gates wide open to man-in-the-middle attacks. These kinds of attacks can target any type of online communication. First, hackers redirect online activity through their own network before it reaches the receiving party. The hacker can then see all the data without the user’s knowledge – including banking details, passwords and private voice and text messages. After accessing the data, the hacker proceeds to decode it using a process called decryption.
Security researchers had already detected these flaws back in October last year. In March they discovered that the vulnerabilities were still buried in the code of the newest version of the app. As they were not able to contact the developer directly, they reported the vulnerabilities via Google’s Play Security Reward Program. This bounty program allows for disclosures of apps with more than 100 million downloads.
On 7 April, Google took the step of officially deleting SuperVPN Free VPN Client from their Play Store. The Pro version, however, is still available.
Delete SuperVPN Now
Even as far back as 2016, an Australian research article named SuperVPN as one of the most malware-ridden free VPNs available on the market. At the time SuperVPN had only 10,000 installs. Now, four years later, the app has been downloaded over 100 million times.
In the first two months of 2020 alone, the number of downloads went from 50 million to more than 100 million. This was most likely the result of the worldwide uptick in the use of VPN services, prompted by the Coronavirus pandemic.
The millions of users who still have the app installed are advised to delete it immediately.
Red Flags when Choosing a VPN
When choosing a VPN, there are some red flags that should make the potential user steer clear of certain “services”. Some of these warning signs are:
- The provider shares, tracks or keeps logs of user activity
- The VPN makes the user’s internet connection painfully slow
- There are no contact details for a helpdesk or customer support
- The service supports only the PPTP or L2TP protocols
When looking for a reliable VPN, it is worth checking independent reviews to make a well-informed decision.