So.. PSA: the secure vault bypasses your VPN if its not also in the Secure vault

fraenk

I just had a bit of an awkward learning experience, and also did manage to waste some peoples time: Postet a question on r/mullvad why an App could get my Public IP adress. Issue was the title, as I did not know that Apps in the vault (with sandboxed Google Play Store) would bypass my VPN and reveil me.

So my guess is the secure vault hides the connection from apps like Mullvad which are not in the secure vault.
Question: What is the sense of the sandboxed google play store? Which is then not able to collect data from my device, but is able to get my Public IP adress? And how do I prevent the sandboxed Google Play store from knowing it, wo installing a second mullvad app with a different device (and wasting therefor another device from my VPN subscription)?

Many Thanks for answering, and maybe this was new for you too.
PS. Let me know pleasw if you already knew this, and/or if I am just stupid. Is it documented somewhere and I just overlooked it?

NoahRaketic

The Private Space acts as a sort of second profile, so it's essentially its own device with its own networking. If you have Sandboxed Google Play in a profile with a VPN, Google will not see your public IP address.

Your best bet will be to have another instance of the Mullvad VPN app in your Private Space, or to move Sandboxed Google Play into your main profile.

fraenk

NoahRaketic Thank you very much, yeah I figured.
I also posted it in the subreddit btw, if you/anyone interested in discussion with more people
https://www.reddit.com/r/GrapheneOS/s/QjTmmWESQE

fraenk

See for more details and Link to original post graphene subreddit:
https://www.reddit.com/r/GrapheneOS/s/QjTmmWESQE