SuperVPN pulled from Google Play store after critical vulnerability found


The cautionary tales about free VPNs should be well known to readers of this site and anyone with even a basic knowledge of VPNs.

But that doesn’t stop new examples cropping up again and again and it should come as no surprise given the growth in the use of VPNs and the increased scrutiny they are facing as a result, that another of the big-name free VPNs has fallen.

SuperVPN was one of the biggest free VPNs available in the Google Play store. Android users had downloaded it more than 100 million times, and this has grown from 50 million in just the last three months. It was a staple feature in the top 5 VPN apps on the Play store’s searches and charts.

But it has now been pulled from the Google Play store after testing revealed that it contained a critical vulnerability that was placing every user at risk.

SuperVPN’s myriad of flaws

Testing of SuperVPN has found that it contains a critical vulnerability that exposes all users to the risk of what is known as a Man-in-the-Middle (MOTM) attack.

An MOTM attack is when a hacker or state agent is able to intercept and redirect internet traffic as well as possibly make changes to the content of the data.

The SuperVPN vulnerability allowed hackers to redirect user traffic away from official VPN servers and through their own malicious servers. Given the level of encryption deployed by SuperVPN, this is also likely to give them access to user data and allow them to see everything SuperVPN users are doing online.

The tests showed that SuperVPN’s Android app allowed sensitive data to be delivered over insecure HTTP. It also found that while information sent between the user and the backend was encrypted, the key for that encryption was stored in the app itself. This means even a novice hacker would be able to decode and read everything.

These are not just small issues that can be solved with a simple patch. These are critical vulnerabilities that compromise the entire app and render SuperVPN essentially useless for the purpose of protecting user security and privacy.

SuperVPN’s track record of failure

While it is welcome that Google has pulled SuperVPN from its app store, long-time observers would no doubt argue that this should have happened a long time ago. Like many free VPNs, SuperVPN has a long record of security issues and its very origin is unknown.

SuperVPN is published by a company called SuperSoftTech which is listed as being based in Singapore. But closer inspection shows that it is actually owned by Jinrong Zheng, who is based in, you guessed it, Beijing.

That makes it the latest in a long line of free VPNs with direct links to Communist China, a country where all companies are required to hand over all data to state authorities if requested to do so

According to TechRadar, Zheng is also responsible for LinkVPN, another free VPN, that claims to be based in Hong Kong. LinkVPN is connected to a company called Shenyang Yiyuansu Network Technology, which in Apple’s App store is listed as the developer of… SuperVPN.

The first identified security issue with SuperVPN emerged back in 2016 when Australian researchers flagged it has the VPN with the third-highest instance of malware of any VPN on the net.

Its rise up the Google Play charts has also been put down to foul-play. The publisher appears to have flooded Google Play with fake reviews from anonymous accounts and generated illegitimate backlinks to boost its rating. These tactics will be familiar to anyone who has seen how the Chinese Communist Party’s so-called ‘Dollar-Army’ of paid online hackers and trolls work.

Delete SuperVPN and don’t risk free VPNs

If you are one of the millions of people around the world who have been hoodwinked into downloading SuperVPN and think you are protecting your online security and privacy, the advice is clear.

Delete SuperVPN now!

Far from protecting you online, it is putting you at even greater risk than not using a VPN at all.

Sadly, it is not alone. Almost all free VPNs make money by either exploiting user data, bombarding them with adverts, or installing malware, spyware, and adware onto their devices.

Free VPNs simply aren’t worth the risk. This is especially true when the top-end premium VPNs are available for as little as a couple of pounds a month. For the price of a pint, you can ensure all of your internet traffic is secure and your online privacy is protected.

At a time, when we are all stuck at home far more than we would like and using the internet more than we should, online security has never been more important.

Free VPNs like SuperVPN are incapable of delivering this level of security. Many do not even try. Don’t trust your online security to these online pirates and agents of the world’s worst regimes.

VPNs such as SuperVPN just are not worth the risk.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *