Closed embeddedtofu closed 1 month ago
I've read this several times, but still don't understand your issue. All I can say is that the principle of operation in VPN and Root modes has not changed for years.
In the past you could, for instance, keep the default Android network permissions (all allowed), in the VPN app select all the apps you might at some point route through the tunnel, and use the Invisible firewall to choose whether you wish to allow VPN access at any point or not.
But now, you have to remember or check the settings of every VPN profile of every corresponding VPN app, optionally kill and freeze apps in you don't want to change the profile configuration, and maybe install another app for an overview of the Android permissions. In short, it's less convenient and mistakes causing a leakage are more likely.
InviZible always behaved this way. There is no technical ability to know which apps are excluded from the VPN. If the VPN is enabled, InviZible uses VPN firewall rules with a key icon.
At least in AOSP 9 and before, whether you set up a VPN only for apps you included, or vice versa, excluding apps from a system-wide tunnel, Invizible acted independently; that is, you could control acess with the firewall no matter how you set up the VPN app.
But now the VPN tunnel is always treated as a system-wide layer so even if it is configured for just one app, you need to allow VPN for all apps requiring any network access, incl. to localhost.
Even if this is caused by a new system implementation, certainly a workaround mimicking the old behavior ought to be possible. After all, proper split-tunneling is the main reason root mode is worth it.