Hello, with more and more countries thinking about banning VPNs i would like to request a feature, to block app from using known methods to detect VPNs.
Currently most robust method of detecting and banning VPNs is used in Russia, but other countries might follow example.
The way they are doing it: RKN developed methods to detect VPNs and forced all big companies to integrate in in their app (while this probably won't happen in most countries they can still use government apps for this or ask some big companies to do so).
Here is list of things needed to hide from known RKN methods (in eng and rus): https://github.com/xtclovver/RKNHardering
And here is an app that does checks with more detailed explanation what it does(only in rus sadly): https://github.com/loop-uh/yourvpndead
I believe it is possible to block app from accessing specific interfaces or 127.0.0.1 or return fake responses (like not reporting open ports on 127.0.0.1 if they aren't related to this app.
Currently there are 2 problems:
1) detection of VPNs even with split tunnels on same profile (hard to block)
2) detection of VPNs running on different profile (mostly using interfaces and scanning ports on 127.0.0.1) which should be easier to isolate.
I suggest to add option to block profile from accessing interfaces (using white list) and blocking 127.0.01 access for profile(or isolating it) for second problem.
For first problem it would be good if access to some android API would be blocked or could be replaced with some sort of standard answer, to not expose other things like VPNs.
I do understand that currently it isn't something most people should worry about, but it could be a problem in future, so starting to work on it now could be beneficial.
If you need translation of something of more in depth explanation of detection methods just msg me and i will add information i have.
Base android doesn't allow to block most of those methods. There is currently a magisk VPN module, that goes around it, but it isn't an option for Graphene OS. If needed i can provide link to it's github.