Android
golscream, 2021-12-10 02:56:12

Can hypothetical malware on non-rooted Android 7-8 bypass VPN connections?

In short: there is a VPN connection that acts as a whitelist firewall (working on applications, not ports).

In Android's own settings, the “block connections without VPN” checkbox is enabled, and to the naked eye it really works: traffic is not passed through directly.

But can hypothetical malware bypass this restriction and access the Internet "directly", without the VPN, thus bypassing the firewall and remaining unnoticed? As already said, there is no root.

3 answer(s)
rPman, 2021-12-10
@golscream

Directly, without root: no.
The VPN sets up routes, and bypassing them requires root access.
In theory, if the smartphone already has an application installed that works at this access level and can bypass the VPN (and Google services almost certainly can) and, most importantly, can proxy requests (Google will almost certainly not allow that), then you probably can.
How are your DNS requests going: via the VPN, or however the system sets them up? Otherwise, in the latest versions, even these settings are hidden and disconnected from the user. If the provider's DNS is used, then a malicious application without root access can send such requests to its server and proxy the Internet through them (there are implementations of such proxies).
P.S. I wonder what will happen with an open UDP connection behind NAT to a smartphone at the moment the VPN connects: will this connection remain open or close?
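The DNS channel raised in the answer above can be watched for from the defender's side. The following is an added example, not part of the original thread: a heuristic over resolver or gateway logs that flags clients sending many distinct, long, high-entropy subdomains to a single zone. The log format, client labels, thresholds, and the "zone = last two labels" rule are assumptions, and the sample data is constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname):
    """Split into (subdomain, zone). Assumption: the zone is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def tunnel_candidates(queries, min_unique=20, min_len=30, min_entropy=3.0):
    """Return sorted (client, zone) pairs whose queries look like encoded payload:
    many distinct subdomains that are both long and high-entropy."""
    seen = defaultdict(set)
    for client, qname in queries:
        sub, zone = split_name(qname)
        if sub:  # names with no subdomain part carry nothing to score
            seen[(client, zone)].add(sub)
    flagged = []
    for key, subs in seen.items():
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(entropy, subs)) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            flagged.append(key)
    return sorted(flagged)

def sample_queries():
    """Constructed log, not captured traffic: (client, queried name) pairs."""
    q = [("phone-a", "www.shop.example"), ("phone-a", "mail.shop.example")] * 15
    # Benign but chatty: many distinct, short subdomains (e.g. a CDN).
    q += [("phone-a", f"img{i}.cdn.example") for i in range(25)]
    # Tunnel-like: 30 distinct 40-character hex labels under one zone.
    q += [("phone-b", hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".tun.example")
          for i in range(30)]
    return q

if __name__ == "__main__":
    for client, zone in tunnel_candidates(sample_queries()):
        print(f"{client}: possible DNS tunnel via {zone}")
```

The thresholds need tuning against real traffic, since some legitimate services also use long generated hostnames.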

antonwx, 2021-12-10
@antonwx

Theoretically, it is always possible, because even if there are no documented features, there can always be exploits and undocumented features. And in the case of Android, they are more likely to exist than not.

CityCat4, 2021-12-10
@CityCat4

Of course it can :) After all, it somehow got into the system, which means that it is either already compromised (and the malware has root) or it entered the system along with some kind of app (and it has the app's rights, which it will strive to increase in different ways).