Advanced extensible network manager/plumber

There are lots of useful things the Android VPN interface might be used for:

  • routing the traffic through an external server,
  • connection logging,
  • IP-based filtering,
  • DNS filtering, cloaking, forwarding, etc.,
  • setting per-app rules,
  • accessing overlay networks, such as Tor, I2P, etc.,
  • TLS decryption (with trusted CA).

These are features for adjusting network configuration to one’s needs or inspecting what data installed apps send. The major problem is that, due to Android restrictions, only one app is capable of using this interface, and most of them do only one or two things.

I wonder why nobody has ever attempted to bypass it? This could be achieved by creating an app like an “all-in-one, ultimate network manager”, handling the forwarding, filtering, logging, overlay networks, etc. Obviously it would be a hard task, so a “core+modules” model would be desired instead of a monolithic app doing everything. I’ve got two ideas:

  1. Core is just a platform having direct access to VPN interface and providing API for modules.
    a. Modules are apps (like in LSPosed),
    b. Modules are zip files (like in Magisk)
  2. (This one is a bit crazy) Core is a proxy runtime - normal VPN apps are installed inside, all run at once and the user can “connect pipes” - set order and other rules.

Both approaches have their pros and drawbacks. Case 1 is more consistent and stable, but modules need to be created, while for case 2 there are ready-to-use VPN apps it’s compatible with. I am not an Android developer but it seems to me like developing such a runtime is not a piece of cake. There are many logical and engineering problems to solve. It’s also far less efficient and vulnerable to crashes. It’s worth noting that such a “compatibility layer” could be a module itself in case 1.

Would it be fun to have ad-blocking, VPN and Yggdrasil network access at once, on a single device?
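
A sketch of idea 1 above, added here as an illustration and not part of the original post: one core owns the tunnel and passes each packet through an ordered chain of modules, dropping the packet if any module vetoes it or crashes. This is a Python stand-in, not Android `VpnService` code; the names `Core`, `ip_filter`, `overlay_router` and `make_packet` are hypothetical, it handles IPv4 only, and any addresses fed to it are constructed samples.

```python
import ipaddress
import struct
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int
    route: str = "direct"  # egress chosen so far; a module may replace it

def parse_ipv4(raw):
    """Return a Packet, or None if the IPv4 header is malformed."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl, total = (raw[0] & 0x0F) * 4, struct.unpack("!H", raw[2:4])[0]
    if ihl < 20 or total < ihl or total > len(raw):
        return None
    return Packet(ipaddress.IPv4Address(raw[12:16]), ipaddress.IPv4Address(raw[16:20]), raw[9])

class Core:
    """Sole owner of the tunnel; runs each packet through the modules in order."""
    def __init__(self, modules):
        self.modules = list(modules)  # [(name, handler)], order is significant
    def handle(self, raw):
        pkt = parse_ipv4(raw)
        if pkt is None:
            return ("drop", "core")
        for name, handler in self.modules:
            try:
                pkt = handler(pkt)
            except Exception:
                return ("drop", name)  # fail closed: a crashing module never leaks traffic
            if pkt is None:
                return ("drop", name)  # module vetoed the packet
        return (pkt.route, None)

def ip_filter(blocked):
    """Module: drop packets whose destination is in any blocked network."""
    nets = [ipaddress.ip_network(n) for n in blocked]
    return lambda pkt: None if any(pkt.dst in n for n in nets) else pkt

def overlay_router(overlay_net, route):
    """Module: send traffic for overlay_net out through the named egress."""
    net = ipaddress.ip_network(overlay_net)
    return lambda pkt: replace(pkt, route=route) if pkt.dst in net else pkt

def make_packet(src, dst, proto=6):
    """Constructed sample: bare 20-byte IPv4 header, zero checksum, no payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
```

The order of the list passed to `Core` is the “pipe” order: putting the filter before the router means blocked destinations are dropped before any egress is chosen.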