Disable apps ability to detect VPNs

[deleted]

Synthetic use the banking app in a separate profile with your VPN not activated.. Switch to that profile when you need it and you don't need that 24/7, do you?

Synthetic

[deleted] I actually never tried profiles before. I hope they're as convenient to use as they sound (not needing to logout from the other profile or something). Will give it a shot.

[deleted]

Synthetic I started using bank apps in a separate profile weeks ago to provide a additional layer of security if I I forced to unlock the phone by a thief, by example

DeletedUser115

[deleted] I also reboot the phone before opening a user profile with banking apps. This way I know verified boot just did its job and no apps from other secondary user profiles are running.

Synthetic

DeletedUser115 I still haven't tried profiles... I'll have to dedicate some time to look into this... but if I do have to reboot or actively log out (shut down all apps) to do this, then this is useless. It's impractical. Convenience is important. My non-techy family members use my VPN system and they never notice the difference. This is how convenient it's.

I honestly don't care two bits about "banking security"... I'm not a noob, so unlikely that someone will gain access to all my systems to the point they'll bypass multi-factor authentication.

[deleted]

Synthetic You do not need to reboot to enter not primary profile and also you don't need to reboot after finish to use the not primary profile.

Relaks

Synthetic
I suggest you try out profiles before judging its inconvenience. They are not complicated to get started with.

Profiles take a few extra seconds to launch. But for me it's a tiny inconvenience.

Synthetic

Relaks Will do. I'm just stuck working on networking problems so don't have the brains to touch it now. Will come to it in a day or two.

Synthetic

I compromised by being able to use a VPN software that makes temporary disconnections easy. No need for profiles.

Though my request stands: It should be possible to block an app from knowing whether I'm using a VPN, even in the interest of privacy... as long as dumb, ignorant wannabe devs in big institutions think that VPN = traffic tunneling and don't know what a routing table is.

I'm very angry about this, excuse my tone.

JayJay

It could recognize by IP connecting also.
I suggest to test use browser with VPN on. If you can not use your banking through Vanadium with VPN on it means the root cause of issue is not the VPN configuration but rather the IP being detected as VPN. So for that there is nothing that Graphene can do about it

If browser works then, you have a working solution anyway.

flighty_sloth

JayJay In first post OP specified the VPN is only used to access self hosted network and doesn't do any traffic tunneling so it shouldn't be due to IP since the IP would be their own in that case, unless I'm missing something.

Synthetic

@JayJay , flighty_sloth is correct. There's no traffic tunneling in this VPN. When the VPN is started, it just creates a new networking interface, tun0 (can be seen in nmap software on android), which is used to access my local network remotely. The routing table isn't affected at all, other than facilitating the connection to the subnet of tun0.

So, no, they're not detecting IPs. They just detect it through Android's interfaces, which is why I'd love for GrapheneOS to block such apps from knowing whether I'm using a VPN. It's none of their business (whether I'm tunneling or not). The only reason this can be done is because of how restrictive Android is.

The browser isn't good enough, btw. The app is used to authenticate access in other devices.

The funny thing is that if I want to tunnel the connection, they can't really stop me. A $100 GL iNet router can do that and they won't detect it except from the IP address... so there's no point in detecting whether I'm running a VPN in the OS. Like I said, it's just a bunch of IT people and developers who don't know what they're doing.