Android users were warned back in February that an app with over 100 million installs could leave their devices open to attack from malware and hackers. Now those with it installed are being told to delete it immediately. Known as SuperVPN Free VPN Client, the app has been available on the Google Play Store for a number of years – however, researchers recently uncovered some nasty surprises buried in the code.
According to the team at VPNPro, the free-to-download app has a number of critical vulnerabilities that leaves it open to dangerous hacks known as man-in-the-middle (MITM) attacks.
These vulnerabilities enable hackers to intercept every communication from your device and the VPN provider, allowing hackers to see everything you’re doing online. So, each time you open a new browser window in Chrome, make a video call, or load-up an app – all of that information pinging from your smartphone and the servers could be passing under the eyes of nefarious hackers.
These issues were reported to Google with tech company confirming that the vulnerability was still present in the latest version of Super VPN.
- OnePlus 8 hasn’t launched yet but its Android rivals should be afraid
Now it seems Google isn’t happy hosting the service on its Play Store with the free version of the app now officially deleted. However, despite Google stopping any more downloads, the app will still be present on any devices that may have already installed it and the advice from the security experts is clear – delete it now.
Explaining more, Jan Youngren Security researcher at VPNPro said: “SuperVPN used a wide range of shady techniques to help it rank highly in Google, as well as to hide who actually owns the app, where it’s located, and the other apps from the same developer that may have similar issues.
“But lastly, and most importantly, it seems that the entire time the app was on the Play store, it had critical vulnerabilities in one way or another, either by being a vehicle for malware in 2016, or allowing for MITM attacks just before being removed.
“The only thing unclear now is whether these vulnerabilities are due to mistake, or intention. Nonetheless, there are millions of users right now with a dangerous app on their phone. If you’re one of those users, we implore you to delete SuperVPN immediately.”
VPNs have become hugely popular in recent years – and a quick search on the Google Play Store reveals numerous apps that claim to offer the perfect experience.
If you still want to use this web-accessing software, here’s some advice from VPNpro.com to help keep you safe.
• Do I know this VPN developer or brand? Do they seem trustworthy?
• Where is the VPN located? Is it in a privacy-friendly country?
• For mobile apps, what permissions are they requiring? Do they actually need those permissions to function (such as the camera, GPS, microphone)?
• Free is great – but can you trust this VPN? There are a few commendable free VPNs or VPNs with free options from reputable brands.
Source: Read Full Article