Millions of VPN users at risk of hacking - here's what you need to know

News
By published

Top free Android VPN apps contain critical vulnerabilities

VPN App
Image credit: Shutterstock (Image credit: Shutterstock)

After analyzing the top free VPNs available on the Google Play Store, security researchers have discovered that several contain critical vulnerabilities.

VPNPro's investigation found that the app SuperVPN Free VPN Client, which has over 100m installs, contains critical vulnerabilities that open users of the app up to man-in-the-middle (MITM) attacks. 

By exploiting these vulnerabilities, a hacker can easily intercept all of the communications between a user and the VPN provider to find out exactly what the user is doing online.

According to VPNPro, nearly 105m users who have installed SuperVPN Free VPN Client could be at risk of having their credit card details stolen, their private photos and videos leaked or sold online or their conversations recorded. To make matters worse, of the top free VPN apps analyzed by its security researchers, 10 other apps contained similar vulnerabilities.

Free VPN apps

Besides SuperVPN Free VPN Client, the other free VPN apps that VPNPro found to have vulnerabilities include TapVPN Free VPN, Best Ultimate VPN – Fastest Secure Unlimited VPN, Korea VPN – Plugin for Open VPN, VPN Unblocker Free unlimited Best Anonymous Secure, Super VPN 2019 USA – Free VPN, Unblock Proxy VPN, Wuma VPN-Pro (Fast & Unlimited & Security), VPN Download: Top, Quick & Unblock Sites, Secure VPN – Fast VPN Free & Unlimited VPN and Power VPN Free VPN.

Cybersecurity expert at VPNPro, Jan Youngren explained to 9News that using a free VPN could actually leave users less protected than not using one at all, saying:

"(VPN users are) more willing to transmit sensitive information on VPN apps than on other apps. For a VPN app to then be so vulnerable is a betrayal of users' trust and puts them in a worse position than if they hadn't used any VPN at all."

VPNPro disclosed these vulnerabilities to the developers of all 10 affected VPN apps back in October in order to give them enough time to fix these issues. However, only one VPN app, Best Ultimate VPN, responded and patched the vulnerabilities.

  • Looking for a VPN without vulnerabilities? Check out our complete list of the best VPN services

Via 9News

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in VPN Privacy & Security
PrivadoVPN running on an iPhone during TechRadar's VPN tests
Why PrivadoVPN Free is still a stellar option for streaming
In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
PrivadoVPN running on an iPhone during TechRadar's VPN tests
Why PrivadoVPN Free is still the best free VPN for streaming
Homepage of CloudFlare website on the display of PC, url - CloudFlare.com.
"Network blocking is never going to be the solution" – Cloudflare slams anti-piracy tactics
Panels at RightsCon 2025 during a press briefing about the latest Access Now report of internet shutdowns
2024 was the worst year on record for internet freedoms – again
Vector illustration of the word Censored in a glitch distorted style
Google, Apple, and internet restriction – how Big Tech is making censorship "much worse" according to experts
Latest in News
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
Elayne, Egwene, and Nynaeve dressed regally and on horseback in The Wheel of Time season 3
'There's a reason why we do it': The Wheel of Time showrunner responds to fans who are still upset over the Prime Video show's plot alterations
Google Pixel 9
Android 16 could bring an improved Samsung DeX-style desktop mode to more phones
An Nvidia GeForce RTX 4060 Ti
Nvidia could unleash RTX 5060 and 5060 Ti GPUs on PC gamers tomorrow, but there’s no sign of rumored RTX 5050 yet
AI writing
ChatGPT just wrote the most beautiful short story, and I wonder what I'm even doing here
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
More about vpn privacy security
PrivadoVPN running on an iPhone during TechRadar's VPN tests

Why PrivadoVPN Free is still a stellar option for streaming
In this photo illustration a Google Play logo seen displayed on a smartphone.

Why is there so much spyware hidden in the Play Store?
Some of the best mobile controllers on a colorful background.

The best mobile controllers 2025: upgrade your portable play
See more latest
Most Popular
Apple products all showing different versions of the Apple Photos app
Apple Photos could actually win you over in iOS 18.4 – here are 4 improvements that are coming
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
JBL Charge 6
JBL's new Bluetooth speakers bring all the upgrades I most wanted to see, and they're coming soon
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
Windows 10 button on a keyboard
Microsoft’s Remote Desktop app becomes the Windows App
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Thursday, March 13 (game #375)
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Thursday, March 13 (game #641)
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Quordle on a smartphone held in a hand
Quordle hints and answers for Thursday, March 13 (game #1144)