[guardian-dev] Android VpnService Concern

[Cooper Quintin]

Hi All,
I have been kicking around some thoughts about the VpnService API and I
wanted to share them with you and get your feedback.

The VpnService API is great for writing privacy apps, such as Bitmask,
Disconnect, and Orbot, as you know. The limitation is that only one
application at a time can use the VpnService API.

I can envision a scenario where a user might want to use more than one
application that uses a VPN and be unable to, resulting in confusion and
annoyance. I think that this is quite likely as the number of privacy
apps using VpnService increases.

I think there are two solutions to this, one is to lobby the Android
team to refactor the API to allow multiple VPNs to exist and agree on
some sort of order that they will run in, or create a new API that does
this. The downside to this is that Google may not be interested in this
and even if they are it will probably take a very long time to get the
appropriate patches in.

The other option is for someone to write a library that has the same
interface as the VpnService API but that stands in front of it, allowing
multiple applications to connect to it while it remains the only actual
connection to the VPN API.  The downside to this is that it would only
work for apps that switched to using this library instead of VpnService
directly.

What is the most useful solution here? I think it is going to be
extremely hard to convince google to do anything, so we probably have to
write a new library. Is that feasible? Would people use it?

- Cooper