Last month we spoke about a number of VPN and ad blocking apps being called into question after security researchers discovered that their developers were secretly mining user data. The apps were eventually removed from both the Play and App Stores after it was discovered that they had ties with a marketing company which sold data to advertisers.
Now we are looking at another scenario where Google has to pull another popular VPN app from its Play Store, this time because of a vulnerability which could allow hackers to carry out man-in-the-middle attacks.
Security experts discovered that SuperVPN, a freemium VPN app which has been installed on over 100 million devices globally, has a backdoor which could be used to intercept messages between device owners and servers. Hackers could even go as far as redirecting traffic away from the legitimate VPN servers. They also found out that traffic could be delivered via the less secure HTTP protocol.
SuperVPN offers free VPN services across 6 data centers and gives users free access for the first 60 days. After that you can use up to 60 minutes free per session. With so much free access, it’s no wonder the app has gained so much popularity. However, TechRadar points out that there have been a number of privacy issues in the past associated with the app, indicating that the VPN was rigged with malware. Even so, its user base grew exponentially as COVID-19 quickly became a global pandemic.
Even though the app was pulled from the Play Store, the more than 100 million users who already have it installed are still at risk and are asked to remove it immediately.
Outside of the corporate arena, VPN apps are increasingly used to bypass geo-restrictions. This means that someone living in Madagascar can now have access to the US version of Netflix, or someone living in China could bypass their country’s Great Firewall and have access to Facebook and YouTube.
[Featured Photo: AbsolutVision/Pixabay]