Skip to main content

This VPN could have exposed millions of users' data: Delete it now

(Image credit: Super VPN)

Popular free VPN service, SuperVPN, has been removed from the Google Play Store following the revelation that multiple vulnerabilities were leaving possibly millions of users at risk. 

The app had more than 100 million installs on the Google Play Store alone, making it one of the most widely-used VPN services on Android. Specifically, the app was leaving users open to man-in-the-middle attacks, which, in this case, let hackers redirect victims to malicious servers (via TechRadar).

Google removed the app from the Play Store on April 7, but the vulnerability was discovered in October of last year and reported to Google in February. There was ample opportunity for a hacker to take advantage of this issue.

The very purpose of a VPN is to encrypt your internet traffic, yet this flaw allowed hackers to view users' activity and send them to a malicious server where they could capture personal or financial data. All the while, the helpless users would assume they were using a secure VPN, which makes the vulnerability all the more galling. 

The company behind SuperVPN is called SuperSoftTech and is believed to be based out of Beijing. This isn't the first time the company has drawn less-than-desirable attention. Back in 2016, SuperVPN was flagged by multiple security researchers for malware found in its VPN apps, but it managed to hang around the Google Play Store and eventually rise to great popularity.

If you have SuperVPN installed on any device, uninstall it immediately. If you are in the market for a new VPN, our sister site Tom's Guide has a roundup of some of the best VPN services.