[guardian-dev] vuln: malicious Android apps can bypass active VPN configuration

Nathan of Guardian nathan at guardianproject.info
Sun Jan 19 16:52:10 EST 2014


Good to know. I ran into the bug building our OrbotVPN app and so it must be a specific way we are trying to use it.

Pranesh Prakash <pranesh at cis-india.org> wrote:
>Nathan of Guardian <nathan at guardianproject.info> [2014-01-19 15:26:54 -0500]:
>> 
>> On 01/19/2014 03:05 PM, Pranesh Prakash wrote:
>> > Nathan of Guardian <nathan at guardianproject.info> [2014-01-18 14:25:53 -0500]:
>> >>> Also that whole feature is broken in 4.4!
>> > How is that?  I'm on 4.4.2 and am using "OpenVPN for Android"
>> > (which uses the Android 4.0+'s VPNService API), and it seems to be
>> > working fine.  Is there any reason to prefer OpenVPN Settings?
>> 
>> Just referring to this issue. Perhaps it is solved on 4.4.2 now?
>> https://code.google.com/p/android/issues/detail?id=62714
>
>According to BlueVPN's Google Play page[1], this hasn't been solved
>in 4.4.2.
>
>However, most of the complaints on that bug seem to be about BlueVPN. 
>The majority of OpenVPN for Android's users seem not to have any
>issues[2] and I'm guessing at least some of them are running 4.4.x
>(though there is one complaint about it not working since the "Android
>upgrade").  And just by the by, both OpenVPN for Android and OpenVPN
>Settings are FOSS, and both are available from FDroid.
>
>I've tested it only with RiseUp's VPN service.
>
> [1]: https://play.google.com/store/apps/details?id=com.bluexvpn
> [2]: https://play.google.com/store/apps/details?id=de.blinkt.openvpn