Here’s Another Reason Why Using a Free VPN for Android Is a Terrible Idea.
There is no such thing as a great free VPN. Or rather, there is only one free VPN that you have to trust, and that’s the one you set up yourself. Otherwise, any app that promises you a free and secure VPN service either tracks what you do, or sends information about your activity to advertisers, or invests almost nothing in its security.
This doesn’t mean that every paid VPN provider is perfect, but I would avoid free ones like the plague coronavirus. And this is especially true of SuperVPN , an Android app that has been downloaded over a hundred million times on the Google Play store. If you own this app or use this app, uninstall it from your Android right now, because it’s rubbish – so much so that Google pulled SuperVPN out of the Google Play Store by itself.
The sad thing is that we should have foreseen this: VPN info and VPNpro review resource posted a SuperVPN warning two months ago , writing:
“But besides being a very popular app, there is one more thing you need to know about this free VPN: SuperVPN’s free VPN client is also very dangerous. You see, our analysis shows that this application has critical vulnerabilities that expose it to dangerous attacks known as intermediary hacking (MITM) attacks. These vulnerabilities would allow hackers to easily intercept all communications between the user and the VPN provider, allowing hackers to see everything the user is doing.
This is actually the exact opposite of what a VPN is supposed to do. A VPN is supposed to protect your online activities from prying eyes. In fact, the VPN is supposed to be so secure that even if a hacker can intercept these messages, it will take them longer than the age of the universe to even begin to decrypt the data. But SuperVPN is not here. “
While SuperVPN was not the only VPNpro app analyzed at the time, it was by far the most popular, with nearly ten times the downloads of other apps on the VPNpro list. This list, by the way, lists many VPNs that have all been vulnerable to attacker-in-the-middle attacks; In other words, a list of VPN apps that you absolutely shouldn’t use. But you shouldn’t use them anyway , because you should never sign up for a free VPN service. Clear?
In SuperVPN’s case, the app was wrong in many ways. His most serious technical problem in allowing these man-in-the-middle attacks was that he was transmitting encrypted information about his servers, which was easily decrypted by the application stupidly hard-coded the key as part of the transmission. (D’oh. )
Browsing the Internet using over-secured HTPPS connections will certainly help you stay safe against man-in-the-middle attacks, but not every website is configured to use HTTPS – nor does the presence of HTTPS on a site automatically mean it is safe and deserving. trust . And there are many other fun tricks that can be used in attacker-in -the-middle attacks to limit your security until you give up useful credentials or other sensitive data.
VPNpro has some helpful tips on how to avoid security issues when choosing your next VPN, including asking yourself:
- Do I know this VPN developer or manufacturer? Do they seem trustworthy?
- Where is the VPN located? Is it in a country where confidentiality reigns supreme?
- What permissions are required for mobile apps? Do they really need these permissions to work (e.g. camera, GPS, microphone)?
And again, don’t use free VPNs. You should research any VPN you are going to pay for – I mean, really research it , not just read some app store reviews or a single analysis from some VPN friendly site that might be getting affiliate money under the giveaway table. buckets of praise. Sites that are obsessed with privacy and recommend scarce VPNs are great; sites that are praised by many VPNs because of their cost, speed, or user interface? Not so much.