IVPN Blog>Under the Hood>Kill switch changes in IVPN for Android

Kill switch changes in IVPN for Android

Under the Hood By Aleksandr Mykhailenko | Posted on October 14, 2021

TL;DR - Before our latest Android update (2.7.0) customers had two different options for a kill switch: one implemented by IVPN, and another available through device settings in the Android OS. We have removed our custom solution from the IVPN app and suggest using the native Android solution from now on.

A Kill switch is implemented to block all network traffic when the VPN connection is active and it fails/disconnects without the user explicitly stopping the connection. We added a custom kill switch to IVPN for Android in 2018 so customers who had no access to the native solution or preferred not to use it could have a different option.

We built our solution on an Android service called VPNService - the same that facilitates the VPN connection. The Android OS can only have one VPNService active at the same time; when one starts, the other stops. This means that the kill switch functionality can only become active after the VPN halts; otherwise, the kill switch would stop the connection.

What are the ramifications?

  1. Since the VPN and the kill switch service cannot run in parallel, there is a small gap between the old service stopping and the new one starting. This has the potential to cause traffic leaks.

  2. Due to how Android OS treats service life cycles, there are no guarantees the kill switch service will be active without interruptions:
    a. the OS can terminate it when it’s out of memory and for various other reasons - it is possible to restart the service, but traffic may leak before this happens
    b. the app may crash for various other reasons

These cases are unlikely, but they fail to deliver on the promises of a kill switch. Furthermore, most customers can now access the (better) native solution.

For these reasons we have removed the custom solution from the Android app, and we recommend using the native kill switch. You can find a quick guide for enabling it in the IVPN Android app. 

Apps Security
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.

Featured posts

IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

Related posts

App-based VPN using SOCKS5 Under the Hood

App-based VPN using SOCKS5

Posted on July 13, 2022 by Nick Pestell

Today we’re launching our new SOCKS5 proxy service, available on all IVPN servers. This enables multiple new features but I feel the most exciting is the ability to configure individual apps (or browser tabs!) to route their traffic through a different VPN server than the one you are connected to.
DNS over HTTPS (DoH) support on macOS, Linux and Windows Releases

DNS over HTTPS (DoH) support on macOS, Linux and Windows

Posted on April 5, 2022 by IVPN Staff

IVPN offers custom DNS servers which, when accessed through the VPN ensure that your DNS queries are encrypted between your device and our DNS server. This is a necessity, as DNS queries are not encrypted by the DNS protocol and can be easily read by an adversary observing your traffic (even when using HTTPS for your web traffic).
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.