Nobody denies that the Play Store from Google has many useful things to offer us when it comes to apps, games, e-books, and more. But you know what they say that there’s no such thing as perfection in this world, and it also applies for a behemoth like Google.
Researchers had been releasing numerous warnings and reports regarding an app from the official app store for Android users, and they classified the app as being ‘very dangerous’. Therefore, Google finally decided to take it down after it reached around 100 million downloads. Ironically enough, the pesky piece of software is officially a security app.
Its name is ‘SuperVPN Free VPN Client’
The issue regarding the ‘SuperVPN’ app was a security vulnerability that exposed users to “critical man-in-the-middle attacks.” While the risk has now been removed, the main issue is that 100 million Android users may still have the app installed. The only wise decision they can make is to delete the app ASAP and eventually run an antivirus scan on their devices.
VPNpro stated the following about the SuperVPN app:
we noticed that SuperVPN connects with multiple hosts, with some communications being sent via unsecured HTTP. This contained encrypted data. But after more digging, we found that this communication actually contained the key needed to decrypt the information.
The team also says that it’s “surprised Google allows such a major app with at least 100 million installs to remain on the Play store with such a glaring vulnerability.”
The researchers found issues like unencrypted HTTP traffic, payload including EAP credentials, and hardcoded encryption keys for the SuperVPN app. They warned even since February that users could get their credit card details stolen, their videos and photos sold online, their conversations recorded, and so on.
Hopefully, the big danger had passed and no users had to suffer. One major rule of the internet is to not trust everything you read online.