SuperVPN Features
Rating: 2/5
Price: Free
Refund period: n/a
Based in which country: Singapore
# devices per license: 1
# servers: Unknown
Server locations: 9 countries, including the USA, Canada, the UK, Japan, France, and Germany
Streaming sites unblocked: Netflix, ITV, BBC iPlayer, and NBC
Supports torrenting: Yes
Does VPN keep logs: Yes
24/7 customer support: No
Website: supervpn.best (redirects to Google Play Store)

SuperVPN Fast VPN Client from SuperSoftTech recently went through a name change from SuperVPN Free VPN Client. There is an alternative version of the tool, called SuperVPN Pro, and both tools have free and paid options.

The SuperVPN Fast VPN Client has been downloaded from the Google Play Store more than 100 million times and the Pro version has been downloaded more than 10 million times. These are very impressive usage statistics.

Having used this app for the sake of writing this review, we have to say that it works well. It is a nice little tool and does not require any payment or account creation. However, whatever good points the SuperVPN app has, the system’s appeal is seriously undermined by the fact that its operating procedures are kept secret.

Tracking down SuperSoftTech leads to false trails created by fake addresses. The confusion between different VPN services that use the same name but come from different providers, or that use the same logo but have different app screens, raises red flags.

SuperVPN is a well-organized and professional-looking VPN app, and it has been downloaded 100 million times, so you have to wonder why the owner of this asset is so evasive. You would expect that such a widely accessed service would be very valuable, so why doesn’t SuperSoftTech monetize this success? Other VPN services that have smaller user bases are being bought up by major corporations for millions of dollars – in a few cases, hundreds of millions of dollars.

There are many terrible free VPNs on Google Play that don’t change your IP address, take ages to connect, or constantly fall over. SuperVPN isn’t one of those – it works well.

The app permissions that SuperVPN gets from you before it will work let it access all of your internet traffic and run permanently in the background, and that is worrying. The Google Play description of the app explains that it doesn’t need root access. However, this is not reassuring because the app’s control of network traffic means it can still cause a lot of damage.

Legal domicile

Singapore is a good location for a VPN. Data retention laws don’t apply to VPN services, and neither do other registration requirements. Anyone can start up a VPN service in Singapore without being tracked by the government. All of this is good news because the Google Play page for SuperVPN Fast VPN Client gives the address of SuperSoftTech as 15 Lower Kent Ridge Road, Singapore 119077.

Now the bad news. 15 Lower Kent Ridge Road is on the campus of the National University of Singapore. Number 15 lies between Lecture Theatre 29 and the Yong Loo Lin School of Medicine. There is no building at number 15 on the street.

So, if SuperSoftTech really is in Singapore, it isn’t at 15 Lower Kent Ridge Road. If the business is operating this very widely used VPN, why doesn’t it give its real address?

AppBrain, the Android app tracker, reports that SuperSoftTech has been registering apps on the Google Play Store since April 2013. AppBrain calculates the developer’s total number of app downloads at 300 million, which puts it among the top 1 percent of all app producers in the world. AppBrain also lists SuperSoftTech’s address as 15 Lower Kent Ridge Road.

About SuperSoftTech

A VPN can’t be trusted if the developer can’t be traced. Using a VPN as a front would be a great intrusion tool for a hacker. A private VPN can be a very useful way for a hacker team to hide their true location during an attack.

Controlling a group of computers, called a Botnet, is the classic operating strategy for a service that launches DDoS attacks. A DDoS attack is a Distributed Denial of Service attack. This commands hundreds of thousands of devices to send a connection request to one specific Web server. Thus, even though each device only sends one request, the target gets overwhelmed by request volume – its queue fills up, and all legitimate requests for that website get locked out. Effectively, that site seems to be offline. This is not an unreasonable explanation of why SuperSoftTech remains hidden despite its huge success in the field of VPNs – it could really be operating a DDoS service (called a “stresser” or “booter”) and earning money by commanding the devices on which its app is installed to attack other devices for a fee.

As the service has access to all of its users’ network traffic and is in control of connection encryption, the app is able to read all of the payment card details, online banking logins, and credentials for many other online services and steal them. So, identity theft could be the main income stream for SuperSoftTech.

There are many surreptitious activities that are far more lucrative than charging for a VPN app. Given that there is no information on what the app does and that the app gets access to the internet traffic of the devices that it is installed on, using this app creates considerable risk.  

In search of SuperSoftTech

If we can find SuperSoftTech, we can get a better idea of whether SuperVPN Fast VPN Client is a genuine service or a hacker tool. Looking at the research of other VPN review sites, the identity of SuperSoftTech is greatly clouded by confusion with the Supervpn.net service. This is completely unrelated to the SuperSoftTech app and seems to be defunct because none of its purchase links work.

Apart from the name SuperSoftTech and the address on Lower Kent Ridge Road, we have the contact email address of [email protected]. This isn’t a fake email address because messages to non-existent email addresses get a quick “not found” response, and mailing that address did not get that result.

The iOS Super VPN (with a space) app uses the same logo as SuperSoftTech SuperVPN Fast VPN Client. However, the screenshot of the app looks completely different. The Download count in Google Play is compiled by Google, not the app’s developer. So, the 100 million+ count is genuine. Therefore, if either the iOS or Android app is a fake copy of the other, the SuperSoftTech SuperVPN app is likely to be the genuine article. The other possibility is that Super VPN and SuperVPN are both created by the same developer but with a different skin for each and a different developer identity for each.

The name of Super VPN’s developer is Free Safety Connected Software Co., Ltd, which sounds like a legitimate, registered company and so should be easy to trace. The name is remarkably similar to Free Secure Connected Software Co., Ltd, which provides Snap VPN and Thunder VPN on the Apple App Store.

In the Apple App Store, Free Safety Connected Software Co., Ltd has also registered a VPN app called LunaVPN. This free VPN is listed on AppAdvice as a property of Lunaspeed Ltd.

A Google search for Free Safety Connected Software Co., Ltd reveals no information on its real-world existence as a legitimate, registered company. Free Secure Connected Software Co., Ltd also does not exist outside app download sites. Lunaspeed Ltd does exist. It is a UK-registered company, and its status is dormant. However, its registration is still accessible, and the business’s address is listed as Flat 1404, 10 Cutter Lane, London SE10 0YA.

Lunaspeed Ltd has one director, who is Mr. Jinrong Zheng. He was born in China in November 1984 but is now resident in the UK. Jinrong Zheng has registered a number of Android apps on the Soft112 website. There are eight apps in total: five of these have names that are variations on SuperPlayer; two are SuperCHM and SuperCHM Pro, and one is GoAnalytics. Remember that the contact email address for SuperVPN Fast VPN Client is [email protected]. So, it seems that Jinrong Zheng is the developer, owner, and operator of SuperSoftTech and its SuperVPN Fast VPN Client app.

Activity logging

Activity logging is a big issue with VPNs because one of the main purposes of using a VPN is to hide your identity. A VPN service provides you with a substituted IP address so that you can’t be traced.

While a VPN session is ongoing, the VPN server has to keep a cross-reference of the IP address that it uses and the real IP address of the client that the address represents. This is because there can be many clients channeling their traffic through the same VPN server at the same time, and the server needs to know which request each returned response refers to because it will need to be forwarded to a specific device.

The live mapping that the VPN server performs is called network address translation (NAT). This widely-used technique is also implemented on most home WiFi hubs. There is no issue that the VPN has this mapping table. However, there is no need to keep those mappings once a customer closes the VPN session.

If a VPN service archives off its NAT table records, it creates an activity log. Those logs can be used by copyright lawyers who are tracking activities back from Web server connection logs and need to link through the VPN back to the real IP address of the user – that discovery renders the identity masking service of the VPN useless.
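The difference between a live NAT table and an activity log can be shown with a small simulation. This is an added example, not code from SuperVPN or strongSwan; the VpnGateway class, its method names, and all addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Mapping:
    client_ip: str        # real address of the VPN user
    client_port: int
    public_port: int      # port on the VPN server's shared exit address
    opened: float
    closed: Optional[float] = None


@dataclass
class VpnGateway:
    """Toy NAT gateway: many clients share one exit IP, told apart by port."""
    exit_ip: str
    retain_logs: bool
    live: dict = field(default_factory=dict)       # public_port -> Mapping
    archive: list = field(default_factory=list)    # closed mappings, if kept
    next_port: int = 40000

    def outbound(self, client_ip, client_port, now):
        """Client sends a request: allocate a public port, record the mapping."""
        m = Mapping(client_ip, client_port, self.next_port, opened=now)
        self.live[m.public_port] = m
        self.next_port += 1
        return self.exit_ip, m.public_port   # what the web server sees and logs

    def inbound(self, public_port):
        """A response arrives at the exit IP: find the client it belongs to."""
        m = self.live.get(public_port)
        return (m.client_ip, m.client_port) if m else None

    def close(self, public_port, now):
        """Session ends: the live entry goes; a logging server keeps a copy."""
        m = self.live.pop(public_port)
        m.closed = now
        if self.retain_logs:
            self.archive.append(m)

    def trace(self, public_port, when):
        """Later lookup: who was behind exit_ip:public_port at time `when`?"""
        for m in self.archive:
            if m.public_port == public_port and m.opened <= when <= m.closed:
                return m.client_ip
        return None


def demo(retain_logs):
    gw = VpnGateway(exit_ip="203.0.113.10", retain_logs=retain_logs)
    # Two constructed clients share the exit address at the same time.
    _, port_a = gw.outbound("198.51.100.7", 51000, now=100.0)
    _, port_b = gw.outbound("198.51.100.99", 51000, now=101.0)
    routed = gw.inbound(port_b)      # the live table is needed to route replies
    gw.close(port_a, now=160.0)
    gw.close(port_b, now=170.0)
    # A web server log entry names the exit IP, port_a and timestamp 120.0.
    return routed, gw.trace(port_a, when=120.0)


if __name__ == "__main__":
    print("no logs kept:", demo(retain_logs=False))
    print("logs kept:   ", demo(retain_logs=True))
```

Both gateways route replies correctly while the sessions are open; only the one that archives closed mappings can still answer the lookup afterwards.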

The Privacy Policy of SuperVPN Fast VPN Client specifically states that the service does retain activity logs. It says the following:

“Information collected on our app

Access logs. Like most apps on the internet, our app collects access logs (such as IP address, browser type, and operating system) to operate our services and ensure their secure, reliable, and robust performance. This information is also essential for fighting against DDoS attacks, scanning, and similar hacking attempts.”

Ordinarily, this would be a big problem. However, this is one area in which the obscurity of SuperVPN’s ownership becomes an advantage. Copyright lawyers can only get hold of those activity logs if they can find Jinrong Zheng and serve him with a court order – good luck with that.

SuperVPN Fast VPN Client VPN protocols

Network and internet systems have to follow standard procedures because this enables a piece of software written by one person or group to be automatically compatible with any other system anywhere in the world that is written to the same guidelines. These rulebooks are called protocols and there are a number of them that outline how a VPN should behave.

The description of SuperVPN Fast VPN Client doesn’t explain what VPN protocols are implemented in the app. As there is no screen in which the user can switch between options, it is reasonable to assume that the package implements only one VPN protocol.

Extensive research reveals that the SuperVPN system is based on an open-source protocol called strongSwan. Although this is a reputable project run by a professor in Switzerland, it isn’t very well known. In fact, during 12 years of writing about VPNs, we haven’t come across another commercially available VPN system that uses it. Nonetheless, knowing that SuperVPN is using this package is reassuring.

We now know that SuperVPN Fast VPN Client is actually implementing a VPN standard. It isn’t just a proxy service, it is a real VPN – it is a VPN proxy, and it is implementing encryption, so it is a secure VPN.

strongSwan procedures

VPNs follow the same general pattern of procedures no matter what protocol is in operation. This involves including a remote device in a network over a secure internet connection. The network’s regular gateway then acts for that device as it does for every other device on the network. The network gateway implements the IP address switching features of NAT.

The secure connection from the device to the network is called a tunnel. This is because it hides the client’s traffic from snoopers. All internet traffic has to pass through the computers of an internet service provider (ISP) before it gets onto the internet. This gives the ISP an opportunity to log the details of the connection or even block it. Circumventing the interventions of the ISP is one of the main benefits of using a VPN.

The tunnel is formed between a VPN client and a VPN server. People access SuperVPN through the Android app. This is the VPN client. Users need to choose a server from a list of locations before clicking on the Connect button. This is the VPN server.

The client and server negotiate session parameters, which include an encryption cipher and a key. No matter where the apps on the protected device want to connect, all of that traffic is sent down the tunnel to the VPN server.

Data passes along the internet in sections, and they are transported in a structure called a packet. The packet has a header on it that includes source and destination addresses. These need to be in plain text so that internet routers can read them. However, the ISP can read them too, and log them.

The VPN client protects the header by encrypting it along with the rest of the packet. However, this also renders the packet incapable of moving over the internet, so the app places that encrypted packet inside another packet and addresses the outer packet in plain text to the chosen VPN server.

strongSwan is actually a package of protocols, and it is based around a combination of two well-known and regularly used VPN protocols: IPsec and IKEv2. IPsec is a very efficient VPN system that was created by Cisco Systems. It works right down at the network level and implements that packet encryption and repackaging work.

IPsec isn’t able to implement session management, and those higher functions include cipher agreement and key exchange. These tasks are performed by an additional VPN protocol called IKEv2.

SuperVPN Fast VPN Client VPN encryption

Despite discovering the VPN protocol in use by SuperVPN, we still don’t know what encryption cipher it uses. There are a couple of things that we can state about the system that narrow down the examination of the service.

The IKEv2/IPsec combination operates two phases of encryption. The first of these is used for session establishment, and this includes the protection of the key exchange for the cipher used to form the tunnel. The strongSwan system offers a range of options for both phases. The session establishment phase uses the procedures laid out in Transport Layer Security (TLS), which is the security service used by HTTPS to protect secure Web pages. We don’t know exactly which cipher is used for this or how long a key it uses.

For the tunnel encryption cipher, strongSwan offers three options:

  • Advanced Encryption Standard (AES)
  • Blowfish
  • ChaCha20

These are all good options. However, the length of the key used for the cipher greatly influences the strength of the security offered by the encryption process, and we have no idea about that factor in the SuperVPN implementation.
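If a strongSwan configuration were available for inspection, the cipher and key length could be read from its proposal strings. The following added example (not SuperVPN's or the strongSwan project's code) audits such strings for the three cipher families listed above; the sample proposals are constructed, and the `required_key_bits` threshold is an assumed local policy, not a strongSwan setting.

```python
import re

# Encryption keywords as they appear in strongSwan proposal strings. With no
# number, aes and blowfish mean 128-bit keys; chacha20poly1305 is always 256.
CIPHER_RE = re.compile(r"^(aes|blowfish|chacha20poly1305)(\d{3})?(gcm\d+|ccm\d+)?$")
INTEGRITY = {"md5", "sha1", "sha256", "sha384", "sha512", "aesxcbc"}


def parse_cipher(token):
    """Return (family, key_bits, is_aead) for an encryption keyword, else None."""
    m = CIPHER_RE.match(token)
    if not m:
        return None
    family, bits, aead_mode = m.groups()
    if family == "chacha20poly1305":
        return (family, 256, True) if not (bits or aead_mode) else None
    if family == "blowfish" and aead_mode:
        return None                      # no such keyword
    return family, int(bits) if bits else 128, aead_mode is not None


def audit_proposal(proposal, required_key_bits=128):
    """Report the cipher, its key length and any findings for one proposal."""
    tokens = proposal.lower().split("-")
    cipher = next((c for c in map(parse_cipher, tokens) if c), None)
    if cipher is None:
        return {"cipher": None, "key_bits": None,
                "findings": ["no recognised encryption algorithm"]}
    family, key_bits, aead = cipher
    findings = []
    if key_bits < required_key_bits:
        findings.append(
            f"{key_bits}-bit key is below the required {required_key_bits}")
    if family == "blowfish":
        findings.append("64-bit block size: collision risk on high-volume tunnels")
    if not aead and not INTEGRITY.intersection(tokens):
        findings.append("no integrity algorithm alongside a non-AEAD cipher")
    return {"cipher": family, "key_bits": key_bits, "findings": findings}


# Constructed proposal strings, not taken from SuperVPN.
SAMPLES = [
    "aes256gcm16-prfsha384-ecp384",
    "chacha20poly1305-prfsha256-x25519",
    "aes128-sha256-modp2048",
    "blowfish-sha1-modp1024",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, audit_proposal(s, required_key_bits=256))
```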

SuperVPN malware

A study by Australia’s Commonwealth Scientific and Industrial Research Organization (CSIRO) in 2016 examined VPN apps available for Android and identified the worst services in terms of the inclusion of malware, third-party tracking libraries, spyware, adware, and Trojans. SuperVPN was discovered to be the third worst of all the VPNs examined in the study.

The CSIRO study revealed that SuperVPN contained 13 malicious features. These were revealed by the VirusTotal service. In order to check on the current malware content of SuperVPN, we ran VirusTotal for Mobile on the device that we installed SuperVPN on. This package scanned all apps on the device and compared them to the VirusTotal database.

VirusTotal for Mobile found no malicious content in the SuperVPN Fast VPN Client app and none in SuperVPN Pro. In fact, these two apps were cleaner than Messenger Lite, Facebook Lite, the Shopify Shop app, and MetaMask, each of which triggered a report of one tracking library.

So, SuperVPN is considerably better today than it was in 2016 when it was ranked as the third worst Android VPN in the world.

SuperVPN Fast VPN Client IP leak and DNS leak protection

A key service of a VPN is to prevent your ISP from seeing and logging your real internet activity. This standard can be tested by seeing whether your real IP address can be detected on a connection.

Your ISP can block your activities and even change its service according to the type of traffic that is going into your device. This can include imposing selective bandwidth limitations – a practice called throttling – in order to discourage you from streaming video, which creates a lot of traffic.

Another possible point of disclosure lies with a DNS leak. This relates to the Domain Name System (DNS). When you access websites, you enter an address in a Web browser. That address is called a URL, and the site address in that string is called the domain name. Routers on the internet need an IP address, and they don’t understand URLs. So, before a Web browser can fetch the Web page that you asked for, it has to discover the IP address for that site.

The cross-reference between domain names and IP addresses is held in the Domain Name System, and your ISP provides access to this. The DNS query presents your ISP with another opportunity to log your internet activity. Therefore, a decent VPN protects your DNS queries and either serves them itself or tunnels them through to a public DNS resolver. Either of those two methods prevents your ISP from controlling and logging your online activities. A DNS leak occurs when a DNS query isn’t intercepted by the VPN but is allowed to be processed by the ISP.

We checked for both IP leaks and DNS leaks with IPLeak.net. The real IP address was not revealed by the test. The DNS server addresses detected by IPLeak.net were not those of the ISP, showing that there were no DNS leaks.  
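The comparison behind such a leak test can be written down directly. This added example (not part of the original review and not IPLeak.net's code) goes slightly beyond the test described by also covering IPv6, where a VPN that tunnels only IPv4 can still expose the real address; every address below is constructed from documentation ranges, and `leak_report` is a hypothetical helper name.

```python
import ipaddress


def leak_report(real_ips, isp_networks, seen_ips, seen_resolvers):
    """Compare what a leak-test page observed with the user's real network.

    real_ips        addresses the ISP assigned to the device (VPN off)
    isp_networks    CIDR blocks that hold the ISP's DNS resolvers
    seen_ips        public addresses the test page saw with the VPN on
    seen_resolvers  DNS servers the test page saw with the VPN on
    """
    # Parsing into address objects makes the comparison independent of how
    # an IPv6 address happens to be written (case, zero compression).
    real = {ipaddress.ip_address(a) for a in real_ips}
    isp = [ipaddress.ip_network(n) for n in isp_networks]
    ip_leaks = [a for a in seen_ips if ipaddress.ip_address(a) in real]
    dns_leaks = [r for r in seen_resolvers
                 if any(ipaddress.ip_address(r) in net for net in isp)]
    return {"ip_leak": bool(ip_leaks), "dns_leak": bool(dns_leaks),
            "leaked_ips": ip_leaks, "leaked_resolvers": dns_leaks}


# Constructed test data.
REAL_IPS = ["198.51.100.7", "2001:db8:aaaa::7"]
ISP_NETS = ["198.51.100.0/24", "2001:db8:aaaa::/48"]


def clean_result():
    # Only the VPN exit address and the VPN's resolver are visible.
    return leak_report(REAL_IPS, ISP_NETS,
                       seen_ips=["203.0.113.10"],
                       seen_resolvers=["203.0.113.53"])


def ipv6_leak_result():
    # IPv4 goes through the tunnel, but IPv6 traffic and DNS bypass it.
    return leak_report(REAL_IPS, ISP_NETS,
                       seen_ips=["203.0.113.10", "2001:DB8:AAAA:0:0:0:0:7"],
                       seen_resolvers=["203.0.113.53", "2001:db8:aaaa::53"])


if __name__ == "__main__":
    print(clean_result())
    print(ipv6_leak_result())
```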

SuperVPN Fast VPN Client offers a choice of nine VPN locations – each resident in a different country. These server locations are:

  • France
  • The USA
  • Canada
  • The Netherlands
  • The UK
  • Germany
  • Singapore
  • Hong Kong

The Hong Kong server is only available to subscribers to the VIP pass. There is one other server option, which is Auto select. This allocates your connection to the most efficient server, which is usually the closest to your location.

The choice of VPN server location is important because your internet traffic will be given the IP address of that server. IP addresses have to be unique on the internet, and their distribution is centrally controlled to prevent duplication. These controls provide a lookup service from Web servers, and they detail the location of the owner of that address.

This provides an opportunity for VPN users because once the VPN connection is in place, you get the location of the VPN server, not of your own Android device. Many online systems control access to their services by scanning the location of the source of a request and then not delivering the requested service to people who are not in the right location.

Examples of this geo-location blocking are that you can only watch the BBC iPlayer if you are in the UK. You can only watch video streams on the websites of ABC and NBC if you are in the USA. Also, systems such as Netflix and Disney+, which operate internationally, only allow subscribers to see the content that is authorized for the country that they are in. So, people use VPNs to unblock those controls.

We ran some tests on geo-restricted video services, switching between the server countries in the SuperVPN app, and these are the results:

Service: Test
Netflix: Tested for the USA, and it worked; didn’t work for the UK, France, or Japan
Disney+: Tested for the USA, the UK, France, and Japan, and it didn’t work for any
BBC iPlayer: Yes
ITV Hub: Yes
Channel 4: No
ABC: No
NBC: Yes

The SuperVPN Fast VPN Client app is free to use. It is ad supported. You can opt to remove ads by paying for a VIP pass. This payment commitment gives you the service free for three days, and then the service is charged at $5.99 per year. That is a reasonable rate. If you cancel within the first three days, you don’t pay anything.

However, as there is no guarantee that the VPN provider will actually respond to your cancellation, and as the business is untraceable, there is no guarantee that you won’t be charged or that you will only be charged $5.99. The obscurity of the organization behind SuperVPN undermines any confidence that you can have in the app.

SuperSoftTech also offers SuperVPN Pro. This is exactly the same as SuperVPN Fast VPN Client. It also has an ad-supported free option or a VIP pass option that removes ads. With this app, the VIP pass costs $2.99 per year. Again, the risk of what will happen to your payment card details or how much you will actually be charged is a major deterrent to actually subscribing.

1. The minimum operating system requirement for SuperVPN Fast VPN Client is Android 4.1. This is a very old version, so your device is more than likely going to have a much later version. To see the version of Android that you are running, swipe down from the top of your device, and tap on the settings cog. Scroll all the way down to the bottom of the settings menu to the About option. Tap on that to see the details of your device, which will include the version of Android that it is running.

2. You don’t need to manually install the APK for SuperVPN Fast VPN Client. You just need to find it in Google Play Store and press the Install button.

3. Once the app installs, you will get a SuperVPN app on your Home screen. Tap on it to open the SuperVPN app. You will be asked to disable battery optimization – enable background activity. Tap Continue. You will then be asked to allow SuperVPN to run in the background. Tap on Allow.

4. You will be given the option to use the free service, which is ad-supported, or to subscribe to the VIP version, which does not present ads.

5. The ad-supported app has an advertising panel in the lower section of the Home screen. A location symbol in the top right of the screen shows you your current server choice – the default is Auto select.

6. Click on the location symbol to get to the server selection screen.

7. Just tap on a location to set it up. You will automatically be taken back to the Home screen with the flag of your chosen server location shown in the top right of the screen.

8. Click on the big Connect button to activate the VPN connection. The app will show a full-screen advert or take you to a Google Play installation screen for an app. Close this screen to continue. You will see that the Connect button has changed to Disconnect. The app also displays a full-screen advert when you press the Disconnect button.

9. As an alternative, you could choose to install SuperVPN Pro instead. The installation process for this app is exactly the same as that for SuperVPN Fast VPN Client. The app is also almost exactly the same. The only difference is that the location selection field appears immediately above the Connect button instead of on the top border of the screen.

We tested the SuperVPN system, running on a mobile device connected to the Three network in the UK. Each test was performed three times, with the middle result taken for the report.

First, to establish a performance baseline, we tested a connection to a nearby server without the VPN turned on:

The download speed shown was 11.90 Mbps, and the upload speed was 3.02 Mbps. Using the United Kingdom VPN server of SuperVPN, we performed the speed test, connecting to a test server in the UK. The results were:

At 10.00 Mbps, the download speed on the protected connection was slightly better than the connection speed without the VPN. The upload speed was slightly lower at 3.23 Mbps. This was a good result and comes close to the speeds achieved by the unprotected connection.

Long-distance connections across the internet are slower because packets have further to travel and pass through more routers. We tested a connection to a test server in Sydney, Australia, and found unusual results:

The download speed of 15.70 Mbps and the upload speed of 3.81 Mbps were faster than on the local connection. This wasn’t an anomaly because we performed another three-test cycle later in the day and found that download speed results were consistently around the 15 Mbps mark.

Turning on the SuperVPN service, using the UK VPN server, we connected to the same test server in Sydney again.  

This time, the VPN slowed the connection considerably, with a mean download speed of 5.20 Mbps and a mean upload speed of 3.70 Mbps.

These results seem all over the map. However, the true outlier in the group was the performance of the connection without a VPN on the connection to Sydney. This was unexpected but was repeated again and again. It would have created a nice story if the performance of SuperVPN was good over the long-distance connection. However, the big drop that its services created in download speeds is not completely unexpected – many highly respected VPNs have similar results. The lack of impact on connection speeds by SuperVPN on a local connection was a pleasant surprise.

Does SuperVPN contain malware?

There are three SuperVPNs. We checked SuperVPN Fast VPN Client with VirusTotal and discovered that the app does not include malware, trackers, spyware, or Trojans.

Does SuperVPN contain advertising?

The basic edition of SuperVPN Fast VPN Client is free to use, and this service is funded by advertising. An advert panel is visible on the main screen of the app at all times, and a full-screen ad appears when you connect or disconnect the VPN. You can get rid of adverts by paying for a VIP Pass.

Is SuperVPN a fast VPN?

SuperVPN produced respectable results in our speed tests. Although the VPN service did slow down the connection speeds, the drop in download speed was not that great on a local connection.

Is the free SuperVPN available for Windows?

SuperVPN Fast VPN Client and SuperVPN Pro are only available for Android.

How does SuperVPN make money?

A big problem that many cybersecurity analysts have with SuperVPN is that its free format doesn’t give it an income stream. While other free VPNs are either no use or a limited version of a paid tool, SuperVPN offers its free users almost as much functionality as the paid version. The VPN has been downloaded more than 100 million times, so it could be that its developers are happy to take the advertising income that the ad-supported system must generate.

To sum it up

After performing a deep analysis of SuperVPN, we are very frustrated. This is a well-constructed VPN service that isn’t as dangerous as it used to be. The service was ranked as the third most malicious VPN in the world in 2016, but today, it has no traces of the malicious content that earned it its bad reputation.

Despite the new clean status of SuperVPN, it should still be avoided. The VPN provider keeps activity logs, and the location of its headquarters is still unknown. However, the individual who created the VPN has been identified.

The strength of the encryption used in the VPN isn’t known, and that means it could be useless in defending against authorities and hackers that have sophisticated encryption cracking systems. So, the security and privacy offered by SuperVPN are weak, and you could do a lot better with other VPN providers.