Samsung Pay in South Korea won't work when any VPN is running

[theseanl]

Samsung Pay in South Korea won't work when any VPN is running. We need to find a way to handle this situation specifically for Korean users.

Here's an app that does it: https://play.google.com/store/apps/details?id=com.haewon.samsungpay_adguard&hl=en

What we need to detect in order to solve this issue:

1. Check if the user is in South Korea (don't use geo location, we can simply check the cellular provider instead: https://android.googlesource.com/device/sample/+/master/etc/apns-full-conf.xml)

2. Detect when Samsung Pay comes to foreground (usagestats?)

3. Pause AdGuard. Unpause it only when Samsung Pay is not in use anymore.

The described functionality needs to be used only when the user is on Samsung device. It needs to be controlled by a new low-level setting.

[vozersky]

@seanl-adg What version of Samsung Pay app is there on s8?

Can't rep with 2.7.15 on s7

[theseanl]

Currently I have no information about the version of Samsung Pay app, but this issue is known to be reproducible only on Galaxy S8.

[theseanl]

A user made an app that disables vpn on Samsung Pay launch. http://llamalab.com/automate/community/flows/12287

[ameshkov]

@seanl-adg config for Automate, right?

I guess it can be also automated with Tasker: https://kb.adguard.com/en/android/solving-problems/tasker

Also, it makes sense to detect Samsung Pay startup and pause AG for a moment.

[Dx28id]

@seanl-adg As Galaxy S8 and S8+ started Oreo beta program, the automate flow for this matter need to be updated for Android O.

*Added: I have fixed the flow for Android Oreo myself. Link: http://llamalab.com/automate/community/flows/17184

[ameshkov]

I still don't get why can't it be reproduced here. We have an S8 device and Samsung Pay works as it should.

@Dx28id can you reproduce that issue?

[Dx28id]

@ameshkov I assume it is because of regional policy/law difference. It probably differs country from country. I am in Korea, using KT(Korea Telecom) device and my device's Samsung Pay detects VPN and won't run.

[ameshkov]

@Dx28id does it detect literally any VPN running or is it specific to AG?

What bothers me is that on Android VPNs can specify what apps should not be routed through it. Samsung Pay is not routed via AdGuard by default so it should've not be a problem :(

[Dx28id]

@ameshkov It just detects any VPN that is running and requires it to be turned off. I have added related samsung urls on the whitelist but it doesn't do anything. What's weird is that "some" people using the same device in Korea does not seem to have the same issue... Can't really pin down the conditions to it.

In summation: All VPN needs to be turned off when in use of SPay.

[ameshkov]

In summation: All VPN needs to be turned off when in use of SPay.

Got it, and it's not cool:(

[ameshkov]

Guys, does anybody know where we can report a feature request to Samsung?

Issue Description

Samsung Pay does not work on Galaxy S8 when there is an active VPN tunnel.

Proposal

Android provides a way to exclude an app from a VPN: https://developer.android.com/reference/android/net/VpnService.Builder.html#addDisallowedApplication(java.lang.String)

Adds an application that's denied access to the VPN connection. By default, all applications are allowed access, except for those denied through this method. Denied applications will use networking as if the VPN wasn't running

The point is that if Samsung Pay is excluded by a call to addDisallowedApplication, this security precaution is unnecessary.

What should be done: Instead of detecting an active VPN connection, check if Samsung Pay app is routed through the VPN.

[ameshkov]

Meanwhile, I've filed an issue to their forum: http://developer.samsung.com/forum/thread/samsung-pay-does-not-work-when-there-is-an-active-vpn-connection/201/338052?boardName=SDK&startId=zzzzz~

[ameshkov]

There's even an app that stops AdGuard when Samsung Pay becomes foreground: https://play.google.com/store/apps/details?id=com.haewon.samsungpay_adguard&hl=en

[ameshkov]

Read here: https://forum.adguard.com/index.php?threads/about-using-samsung-pay.28973/#post-170578

There must be a delay (5 sec for instance) before AdGuard starts protection back, otherwise, we might mess with the online payments.

[admitrevskiy]

Resolved.

This feature will be available in two cases:


1. The app language is Korean
2. The device is registered in Korean mobile network


Notification and Low-Level Settings
 The notification should appear after start protection in the VPN mode. (Make sure that Other notification channel is enabled if you test it on Oreo+ device)
 Tap on notification will redirect you to KB with preg.samsungpay.autopause.enable explanation 
 There is also a button that will take you to the low-level settings. You can not enable this feature until Usage Access is not granted for AG app You can swipe notification and it will not annoy you anymore



Testing instructions: 

-VPN mode 
-Samsung Pay opens in full-screen mode. You need to give the highest priority for Protection Status notifications to make sure that this feature works correctly) 
-Open Samsung Pay app while AG protection is running in VPN mode
 -Simulate payment (SPay gives user 30 seconds to do it)



Expected behavior 
-AG should pause protection after Samsung Pay opens
 -AG should restart protection with delay of 5+ seconds after you close Samsung Pay 



-Proxy Mode
 Expected behavior: 
-Nothing happens