It’s upsetting to learn that apps can be flagged as a danger and, a year later, still be causing trouble. Yet, that’s where we are. Android app SuperVPN was labeled as “very dangerous,” despite promising to “protect your privacy and keep you safe.”
Previous Warnings About SuperVPN
Just last year, a technical review said of SuperVPN that “it raises so many old flags, it’s impossible to recommend for even the simplest of tasks.”
The software includes both free and paid apps. Despite its privacy promise, it picked up two separate warnings. VPNpro issued a warning that “more than 105 million people could have their credit card details stolen, their private photos and videos sold online and their private conversations recorded.”
Just a few weeks after that initial warning, VPNpro said SuperVPN “allows hackers to intercept communications between the user and the provider, and even redirect users to a hacker’s malicious server.”
Current Warning About SuperVPN
It’s always surprising that there are numerous VPN apps that are viewed as dangerous. By design, they are supposed to be hiding your location and your browser activity. They should be safe – but that’s where they lull you into a false sense of security.
A third warning about SuperVPN was issued late last week. CyberNews said, “A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services … SuperVPN, considered as one of the most popular (and dangerous) VPNs on Google Play with 100 million installs, as well as GeckoVPN (10 million installs) and ChatVPN (50,000 installs).”
The data of around 21 million users is included in the breach. The stolen information includes names, email addresses, usernames, payment data, and device details. Access logs are included in the breach as well.
After CyberNews viewed some of the breached data, it was informed that not all of the stolen data had been shared. Yet what was shared was seen as particularly troubling, as it was learned that “devices are being logged and assigned by what devices every user uses, with not only device type but IMSI numbers, etc.”
Obviously, if you are using SuperVPN, you should delete it immediately. It doesn’t mean you are definitely in the clear, however, as there are at least six other apps on Google Play that appear to be very similar.
Last year, VPNpro said of SuperVPN that “it connects with multiple hosts, with some communications being sent via unsecured HTTP. This contained encrypted data. But after more digging, we found that this communication actually contained the key needed to decrypt the information.”
While SuperVPN is currently in the Play Store (as of this writing), it hasn’t been there throughout. Google removed it last April. Yet, at some point, the app returned.