VPN App Threatens 100 Million People: Remove it now

A VPN with over 100 million installs has been removed from the Google Play Store. If you have this VPN on your Android phone, you should remove it now.

According to VPNPro, SuperVPN, a free VPN client, is an "incredibly dangerous" app. What are its problems? The app has a critical vulnerability that allows for man-in-the-middle attacks. This means that hackers can easily intercept communications and redirect users to the hacker's server instead of the real one.

As reported by TechRadar, VPNPro contacted Google on March 19 as part of the Google Play security rewards program, at which point the company verified the vulnerability.

Unfortunately, neither Google nor VPNPro was able to contact the developer, SuperSoftTech, to patch the issue. Google subsequently removed SuperVPN from the Google Play Store entirely on April 7.

To put SuperVPN's popularity in perspective, it has roughly the same number of installs as Tinder.

Analysis of the SuperVPN app found several troubling issues. For example, on one of several SuperVPN hosts, the package or payload of data sent by the app "contained the key needed to decrypt the information."

This vulnerability allowed VPNPro to replace the data on the SuperVPN server with data from its own server. Another major no-no was that some data was being sent over unencrypted, insecure HTTP. This means that anyone sniffing the network can read those communications.

Apparently, SuperVPN had already been named the #3 most malware-compromised app in 2016 by an Australian research article, but the app's popularity continued to grow. This was accomplished through black hat SEO tricks, such as generating large numbers of fake reviews.

As of this writing, a SuperVPN app is still listed in the Apple App Store, with "cheng cheng" listed as the developer. However, it is unclear whether it has the same vulnerabilities as the Android version. In any case, one should be careful when downloading it.
