[guardian-dev] vuln: malicious Android apps can bypass active VPN configuration
Nathan of Guardian
nathan at guardianproject.info
Sun Jan 19 16:52:10 EST 2014
Good to know. I ran into the bug building our OrbotVPN app and so it must be a specific way we are trying to use it.
Pranesh Prakash <pranesh at cis-india.org> wrote:
>Nathan of Guardian <nathan at guardianproject.info> [2014-01-19 15:26:54
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> On 01/19/2014 03:05 PM, Pranesh Prakash wrote:
>> > Nathan of Guardian <nathan at guardianproject.info> [2014-01-18
>> > 14:25:53 -0500]:
>> >>> Also that whole feature is broken in 4.4!
>> > How is that? I'm on 4.4.2 and am using "OpenVPN for Android"
>> > (which uses the Android 4.0+'s VPNService API), and it seems to be
>> > working fine. Is there any reason to prefer OpenVPN Settings?
>> Just referring to this issue. perhaps it is solved on 4.4.2 now?
>According to the BlueVPN's Google Play page, this hasn't been solved
>However, most of the complaints on that bug seem to be about BlueVPN.
>The majority of OpenVPN for Android's users seem not to have any
>issues and I'm guessing at least some of them are running 4.4.x
>(though there is one complaint about it not working since the "Android
>upgrade"). And just by the by, both OpenVPN for Android and OpenVPN
>Settings are FOSS, and both are available from FDroid.
>I've tested it only with RiseUp's VPN service.
> : https://play.google.com/store/apps/details?id=com.bluexvpn
> : https://play.google.com/store/apps/details?id=de.blinkt.openvpn
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Guardian-dev