Security News > 2020 > April > Google removes Android VPN with ‘critical vulnerability’ from Play Store
Google has removed an Android VPN program from the Google Play store after researchers notified it of a critical vulnerability.
VPNpro, a company that reviews and advises on VPN products, warned in February of a vulnerability in the product that could cause a man in the middle attack, enabling an intruder to insert themselves between the user and the VPN service.
What this VPN app has done is to leave its users, people seeking extra privacy and security, to actually have less privacy and security than if they'd used no VPN at all.
Instead, it notified the Google Play Security Reward Program, operated for Google by HackerOne.
SuperVPN wasn't the only Android VPN to raise VPNpro's concerns.
News URL
Related news
- Google rejected 2.28 million risky Android apps from Play store in 2023 (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
- Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (source)
- Google blocked 2.3M apps from Play Store last year for breaking the G law (source)
- Google now pays up to $450,000 for RCE bugs in some Android apps (source)
- Bug hunters can get up to $450,000 for an RCE in Google’s Android apps (source)
- Android bug can leak DNS traffic with VPN kill switch enabled (source)
- Android bug leaks DNS queries even when VPN kill switch is enabled (source)
- Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials (source)
- Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android (source)