Kill switch changes in IVPN for Android

Under the Hood By Aleksandr Mykhailenko | Posted on October 14, 2021

TL;DR - Before our latest Android update (2.7.0) customers had two different options for a kill switch: one implemented by IVPN, and another available through device settings in the Android OS. We have removed our custom solution from the IVPN app and suggest using the native Android solution from now on.

A Kill switch is implemented to block all network traffic when the VPN connection is active and it fails/disconnects without the user explicitly stopping the connection. We added a custom kill switch to IVPN for Android in 2018 so customers who had no access to the native solution or preferred not to use it could have a different option.

We built our solution on an Android service called VPNService - the same that facilitates the VPN connection. The Android OS can only have one VPNService active at the same time; when one starts, the other stops. This means that the kill switch functionality can only become active after the VPN halts; otherwise, the kill switch would stop the connection.

What are the ramifications?

  1. Since the VPN and the kill switch service cannot run in parallel, there is a small gap between the old service stopping and the new one starting. This has the potential to cause traffic leaks.

  2. Due to how Android OS treats service life cycles, there are no guarantees the kill switch service will be active without interruptions:
    a. the OS can terminate it when it’s out of memory and for various other reasons - it is possible to restart the service, but traffic may leak before this happens
    b. the app may crash for various other reasons

These cases are unlikely, but they fail to deliver on the promises of a kill switch. Furthermore, most customers can now access the (better) native solution.

For these reasons we have removed the custom solution from the Android app, and we recommend using the native kill switch. You can find a quick guide for enabling it in the IVPN Android app. 

Apps Security
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

Battery life improvements with Apple silicon builds Under the Hood

Battery life improvements with Apple silicon builds

Posted on November 10, 2021 by Alexandr Stelnykovych Viktor Vecsei

We have tested the battery consumption rate of the IVPN app with constant VPN connectivity using two protocols (WireGuard and OpenVPN) on two different app builds (M1 and Intel). We concluded that using a dedicated Apple silicon app build with WireGuard protocol can offer up to 22% increase in battery life over OpenVPN on Intel build version when bandwidth is not limited.
Kill Switch and WireGuard Multi-hop added to IVPN for iOS Releases

Kill Switch and WireGuard Multi-hop added to IVPN for iOS

Posted on November 9, 2021 by Juraj Hilje

Kill Switch and WireGuard Multi-hop options are now available in the latest version of our iOS app (v2.5.0). The Kill Switch protects from leaking data outside of the VPN by preventing network connections if the tunnel is unavailable.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.