What Is the Always-On VPN Feature on Android?
If you’ve used Android at all, you may have heard of the Always-On VPN feature, which is built into the operating system and provides a secure connection to a VPN (Virtual Private Network) server even when the device is locked.
Whether you use a public WiFi hotspot or a personal hotspot, connecting to a VPN server is the simplest and most convenient way to ensure your personal data is always protected when using public WiFi.
While this is clearly a beneficial feature, there is one thing you should know about. The Always-On VPN feature is a bit of a privacy concern. Security researcher Billy Lin discovered that a back door was left open for anyone to monitor your activity even when the device is locked.
In his talk, “The Art of the Steal: How to Be the Most Intelligent Mobile Phone Stealer,” Billy Lin details how he was able to bypass the lock screen to gain complete access to the device and watch and listen to everything you do while connected to a VPN.
While using a VPN is one of the most convenient and easy ways to keep your personal data secure, it also leaves a lot of room for snooping. Be sure to understand the risks before you decide to use this feature.
How the Always-On VPN Worked
Thanks to our friends at Android Police for helping us out with this one! In their investigation, they discovered that even though the lock screen is supposed to protect your personal data, it’s actually quite easy to get around it.
The Always-On VPN feature was first introduced in Android 4.4 and uses a VPN app that’s already installed on your device. So, as long as you have an app that supports the OpenVPN network and protocol (most do), you’ll have nothing to worry about.
As long as your VPN app is working and unlocked, you’ll have a secure connection to a remote server that allows you to browse the web, make calls, and use other apps without worrying about your personal data being tracked.
Even when the phone is locked, the VPN app can still monitor all of your activity. So while you’re connected to a VPN, your phone is open to the world. This is probably one of the most convenient features available in an operating system. You can browse the web, use apps, and make calls without having to worry about always keeping your phone locked.
There is one problem with this feature, however. If you forget to lock your phone after working on it or leave it somewhere unsafe, anyone could potentially access your personal data. If this happens, you’ll have to reset your device or install a new one. The good news is, you can use a free tool like Android Device Manager to lock your phone or wipe it clean if it’s been lost or stolen. Just make sure you’ve backed up all of your important data first.
Why You Shouldn’t Install a VPN App
Before we begin, we should note that there is no reason to ever install a VPN app on your phone if you don’t need one. The built-in Always-On VPN feature is secure and offers all the benefits of a VPN without the need to install another app. If you already have a VPN app on your phone, you can easily connect to a secure server when you need one. Just set up a VPN schedule in your phone’s settings so you don’t have to remember to connect manually when you use the app.
Now that you’re aware of the risks and inconvenience of having a VPN app on your phone, it’s time to discuss why you should never install one in the first place.
No Patches
One of the biggest concerns with having a VPN app on your phone is that you could end up with a compromised version. With all the constant updates that come out for apps, it’s quite possible that the app you have now is not the same as the one you originally installed. If an update compromises the security of your data, you’ll instantly realize the risk. Unfortunately, this is one risk that you cannot avoid with a VPN app.
Because they are not signed by a trusted third party (such as Google or Apple), unsigned apps cannot be updated. If you try to install an updated version of an app that isn’t signed, you’ll either get a warning that the app isn’t signed or an error message when you try to use it (depending on how your device handles it).
This is why it’s best to avoid installing apps that you don’t trust. If you’re not sure whether or not an app is legitimate, it’s generally a safe bet to avoid it. Just keep in mind that there are some exceptions to this rule, such as the built-in apps and Google Play Store.
Expensive Data Plans
As the owner of a device, you likely already have a data plan. So, it’s not like you’re going to be charged another $10 for an hour of internet use when you already pay for your cellular data. But here’s the thing: if you use your phone’s data plan to connect to the internet, you’ll be charged for that data regardless of whether or not you’re using the VPN.
Say you have a 1 GB data plan. When you access the internet using the program on your phone, your phone will request another 1 GB of data, which will then be billed to your account. However, when you use the VPN to access the internet, it will connect you directly to the server and avoid loading the web page onto your device. In this case, you won’t be charged for the 1 GB that was previously used.
The same goes for when you’re on a metered network. If you use Android Device Manager to lock your phone, it will stop collecting data when you’re on a metered network. So, even when you’re not using the internet or a paid network, you won’t be billed for data collected when the device was locked!
Limited Features
With every update, a VPN app comes with new features. Sometimes these features are awesome and make using the app better. Other times, they’re useless and just take up space. If a new feature is added that you don’t need or use, you’ll be quite unhappy. This gets even worse when the app gets updated with bugs that were previously unknown and cause major issues.
As a user, you have little control over which features an app will come with and which ones it will leave out. So, if a bug is found in a feature you use frequently, you’ll either have to live with it or find a workaround. It’s never fun having to work around a glitch.
Data Leaks
If you use the VPN app regularly, you’ll notice that it will periodically refresh the login details for your account. While this is generally a good thing, it also means that everyone around you will be able to see your login details when the device is unlocked. Anyone who has physical access to your phone can view your login details and easily impersonate you. This is a huge security concern.
Data in general seems to be a major point of contention for users. As more and more people use the internet on their phones and tablets, the demand for data plans will only continue to go up. So, if you want to ensure that your data is always safe, it’s best to avoid using a VPN app and use the built-in Always-On VPN feature instead. Just make sure you back up your device regularly and don’t forget to lock it when you’re not using it. There is also an option in Android Device Manager to remotely wipe the device if it’s been lost or stolen.