Select release
Introduction

Home

Installation

Configuration

Initialization

Common Usage Scenarios

Recommended Responses to Security Issues

Google Play Prominent Disclosure

SafetyNet Google Play Warning

Device Fingerprinting

Troubleshooting

Release Notes

Migration to Version 1.2.x

Migration to Version 1.0.x

Runtime Protection

RASP Features Overview

Debugger Detection

Emulator Detection

Root Detection

Repackaging Detection

Screen Sharing Detection

Blocking Screen Readers

Screenshot Blocking and Detection

Tapjacking Protection

HTTP Proxy Detection

VPN Detection

Screen Lock Usage

Google Play Protect Status

Changing Process Name

Detection of ADB Status

Detection of Developer Options Status

Detection of Biometry Enrollment Status

Detection of Active Call

App Presence Detection

Spoofed Location Detection

Activity protection

RASP Observer

Anti-Malware

Anti-Malware Use-Cases

Anti-Malware Feature Overview

Malware Threat Identification

Malware Threat Mitigation

Listening to App Changes

Installer identification

Smart Protection

Smart Protection UI Customization

Detection of VPN

View product develop

A VPN (virtual private network) can be used to tunnel all traffic from the device through a remote server. Although VPNs are primarily used to add a level of security, they can also pose a danger when the device connects to a dubious network. For example, some free VPN services might use invasive advertising or sell browsing data to third parties. Last but not least usage of a VPN might be restricted or illegal in some countries.

Configuration

This feature can be configured during the Malwarelytics initialization phase:

val raspConfig = RaspConfig.Builder()
    .vpn(DetectionConfig)
    // configuration of other RASP features
    .build()

Available values of DetectionConfig:

Value Description
NoAction indicates that the VPN will not be automatically detected. A manual check is still possible.
Notify indicates that the VPN will be automatically detected and observers will be notified.
Exit(
exitUrl:String?)		 indicates that the VPN will be automatically detected and the app will be terminated when a VPN is automatically detected.

VPN detection defaults to DetectionConfig.Notify.

List of available parameters for some config values:

Parameter Description
exitUrl:String? defines the URL to be opened when the app is terminated because of the automatic detection. Defaults to null.

Usage

After initialization, the VPN detection feature can be accessed via RaspManager. This can be used to register an observer or to trigger a manual VPN detection check.

Registering an Observer

VPN detection can trigger a certain action. To achieve that, an observer needs to be configured and registered.

Observer configuration:

val raspObserver = object : RaspObserver {
    override fun onVpnDetected(vpnEnabled: Boolean) {
        // handle VPN detection
    }
    // handle detection of other RASP features
}

The observer can be registered in RaspManager. When it is no longer needed, it can be unregistered again.

raspManager.registerRaspObserver(raspObserver)
raspManager.unregisterRaspObserver(raspObserver)

Triggering a Manual Check

VPN detection check can be triggered manually in RaspManager by calling the isVpnEnabled() method. A simple boolean answer is given.

val isVpnEnabled = raspManager.isVpnEnabled()

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Nov 21, 2023 (12:06) View product
On this page:
Search

develop

Malwarelytics for Android