04-10-2020, 09:57 AM
Google removes one of biggest VPN apps from Play store due to vulnerability
Google has confirmed that SuperVPN, which has 100 million installs, has a vulnerability that allows for a critical MITM attack. On April 7, it was finally removed from the Google Play store.
SuperVPN Free VPN Client is an amazingly successful free VPN Android app. It has more than 100 million installs on the Play store, having started from only 10,000 installs nearly four years ago.
Unfortunately, it’s also an amazingly dangerous free VPN Android app. Our research has shown that it has critical vulnerabilities that allow for man-in-the-middle (MITM) attacks that can easily allow hackers to intercept communications between the user and the provider, and even redirect users to a hacker’s malicious server instead of the real VPN server.
Recently, Google confirmed to us that this vulnerability still exists. We disclosed the finding through the Google Play Security Reward Program (GPSRP) because we have been unable to contact SuperVPN’s developer, SuperSoftTech. GPSRP allows security analysts to disclose vulnerabilities for apps with more than 100 million installs.
On March 19, the Google team confirmed to us that the vulnerability was still present in the latest version of SuperVPN:
https://vpnpro.com/blog/google-removes-one-of-biggest-vpn-apps-from-play-store-due-to-vulnerability/