Unfortunately, Google has officially declared to remove the Android VPN applications from the Google Play Store. This action of Google has affected many VPN applications that have downloads in millions, including the SuperVPN (having 100 Million Downloads).
What is a VPN?
VPN stands for Virtual Private Network. Technically it allows the users to create a private network over the public system. It secures the users’ connection via an encryption-decryption mechanism and hides the original location of the user. The VPN Servers act as the internet gateway for the users. Moreover, the tunnels over the public network are created by using one of the following VPN technologies.
- IPSec.
- Open VPN.
- And others.
As far as the theoretical concept of VPN is concerned, it is used to stop the intruders from sniffing the traffic of your Internet device. Several applications serve purposely, and SuperVPN is one of the best among them.
What the VPNPro Said about Vulnerability?
VPNPro is one of the best company that reviews the technical implementation of VPN apps and advices the developers. The researcher notified in Feb 2020 a loophole in the Application that can become a cause of MITM (Man in the Middle) attacks. MITM attacks allow hackers to enter between the user & VPN services.
The VPN application was sending the encrypted data, but the encryption key is hardcoded the reviewer said. That’s hardcoded key makes the decryption of the data super easy for SuperVPN. The reviewer successfully decrypts the data of user using SuperVPN and replace it with its own.
That means that attackers can forcedly make the SuperVPN connect with any fake server and can easily see the data in the traffic. That might include either password, hidden text, or voice messages.
Who Discover the SuperVPN Vulnerability & why SuperVPN is removed?
The VPNpro’s employee Jan Youngren discovered that vulnerability in the SuperVPN Android Application in October 2019. The Youngren informed the company of the VPN application “SuperSoftTech,” but they didn’t respond of time. So, as a result, the researcher notified the issue to the GPSRP (Google Play Security Reward program). The team also tried to get in touch with the developers of SuperVPN. They also not get any response from them, so they removed the Application for the Google Play Store recently on the 7th of April 2020.
It is not happening for the first time in the history of SuperVPN. In 2016 paper, a security risk loophole was defined in that Android VPN app. In 2016 the whole research was presented in IMC. The VPNPro found that 13 different antivirus applications are capable of detecting the malware activities in the SuperVPN.
Conclusion
SuperVPN wasn’t the only Android Virtual Private Network Application there are 9 other apps as well mentioned in the blog post of VPNPro that having loophole to MITM attacks. Unfairly, many of them are still available on the Google Play Store to Download.