We’ve recently been helping a client with a project to create a local VPN for Android phones.

On the face of it, a reasonably simple challenge. Just break out the VPNService class and follow the examples. All goes nicely until you start really testing. For our tests, we’re using approx 20 devices (mainly the customer’s) ranging from Android 5 (Lollipop) all the way to Android 8 (Oreo).

We discovered an already known bug in the Google Play download manager. As described in this post. Upshot is the VPNService route (for other server related reasons too) is now not going to completely span the Android ‘matrix of pain‘.

Luckily we had a backup plan, and had started looking at the two low level packet filtering open source VPN projects in parallel (experience with Android says always have a backup plan). The main two are OpenVPN and NetGuard. Early days yet (and late nights), but will keep you informed as to progress.

There may be another post soon on the changes to security and permissions in Android Oreo but that’s a story for another day.