After analyzing the top free VPNs available on the Google Play Store, security researchers have discovered that several contain critical vulnerabilities.
VPNPro's investigation found that the app SuperVPN Free VPN Client, which has over 100m installs, contains critical vulnerabilities that open users of the app up to man-in-the-middle (MITM) attacks.
By exploiting these vulnerabilities, a hacker can easily intercept all of the communications between a user and the VPN provider to find out exactly what the user is doing online.
- Security flaws found in top free VPN Android apps
- Ethics and VPN: the industry needs to aim higher
- The hidden truth behind ‘unlimited’ or ‘lifetime’ VPNs
According to VPNPro, nearly 105m users who have installed SuperVPN Free VPN Client could be at risk of having their credit card details stolen, their private photos and videos leaked or sold online or their conversations recorded. To make matters worse, of the top free VPN apps analyzed by its security researchers, 10 other apps contained similar vulnerabilities.
Free VPN apps
Besides SuperVPN Free VPN Client, the other free VPN apps that VPNPro found to have vulnerabilities include TapVPN Free VPN, Best Ultimate VPN – Fastest Secure Unlimited VPN, Korea VPN – Plugin for Open VPN, VPN Unblocker Free unlimited Best Anonymous Secure, Super VPN 2019 USA – Free VPN, Unblock Proxy VPN, Wuma VPN-Pro (Fast & Unlimited & Security), VPN Download: Top, Quick & Unblock Sites, Secure VPN – Fast VPN Free & Unlimited VPN and Power VPN Free VPN.
Cybersecurity expert at VPNPro, Jan Youngren explained to 9News that using a free VPN could actually leave users less protected than not using one at all, saying:
"(VPN users are) more willing to transmit sensitive information on VPN apps than on other apps. For a VPN app to then be so vulnerable is a betrayal of users' trust and puts them in a worse position than if they hadn't used any VPN at all."
VPNPro disclosed these vulnerabilities to the developers of all 10 affected VPN apps back in October in order to give them enough time to fix these issues. However, only one VPN app, Best Ultimate VPN, responded and patched the vulnerabilities.
- Looking for a VPN without vulnerabilities? Check out our complete list of the best VPN services