IVPN Blog>Under the Hood>Kill switch changes in IVPN for Android

Kill switch changes in IVPN for Android

Under the Hood By Aleksandr Mykhailenko | Posted on October 14, 2021

TL;DR - Before our latest Android update (2.7.0) customers had two different options for a kill switch: one implemented by IVPN, and another available through device settings in the Android OS. We have removed our custom solution from the IVPN app and suggest using the native Android solution from now on.

A Kill switch is implemented to block all network traffic when the VPN connection is active and it fails/disconnects without the user explicitly stopping the connection. We added a custom kill switch to IVPN for Android in 2018 so customers who had no access to the native solution or preferred not to use it could have a different option.

We built our solution on an Android service called VPNService - the same that facilitates the VPN connection. The Android OS can only have one VPNService active at the same time; when one starts, the other stops. This means that the kill switch functionality can only become active after the VPN halts; otherwise, the kill switch would stop the connection.

What are the ramifications?

  1. Since the VPN and the kill switch service cannot run in parallel, there is a small gap between the old service stopping and the new one starting. This has the potential to cause traffic leaks.

  2. Due to how Android OS treats service life cycles, there are no guarantees the kill switch service will be active without interruptions:
    a. the OS can terminate it when it’s out of memory and for various other reasons - it is possible to restart the service, but traffic may leak before this happens
    b. the app may crash for various other reasons

These cases are unlikely, but they fail to deliver on the promises of a kill switch. Furthermore, most customers can now access the (better) native solution.

For these reasons we have removed the custom solution from the Android app, and we recommend using the native kill switch. You can find a quick guide for enabling it in the IVPN Android app. 

Apps Security
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.

Featured posts

IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

Related posts

Introducing quantum resistant WireGuard connections in IVPN apps Releases

Introducing quantum resistant WireGuard connections in IVPN apps

Posted on August 7, 2023 by Alexandr Stelnykovych Viktor Vecsei

Quantum computing poses a threat to VPN security due to its potential to break traditional encryption algorithms much faster. In an attempt to mitigate this risk and provide quantum resistance, a PresharedKey (PSK) is now used in addition to existing encryption.
App-based VPN using SOCKS5 Under the Hood

App-based VPN using SOCKS5

Posted on July 13, 2022 by Nick Pestell

Today we’re launching our new SOCKS5 proxy service, available on all IVPN servers. This enables multiple new features but I feel the most exciting is the ability to configure individual apps (or browser tabs!) to route their traffic through a different VPN server than the one you are connected to.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.