mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0
4.82k stars 336 forks

[Feature request] Allow WireGuard key import/sharing between work/user profiles #3980

Open sevmonster opened 1 year ago

sevmonster commented 1 year ago

Issue report

Operating system: Android 13

App version: 2022.2-beta2

Issue description

With newer Android versions, it is made easy to run apps under separate user profiles, and within the same user profile but sandboxed into separate work profiles. However, their environments are completely isolated, including VPN settings. If I want to use the app under multiple profiles, I must create a new "device" in Mullvad, which can quickly exhaust accounts' 5 device limit, all within one device. You could just as equally apply this to someone that dual-boots different operating systems, though on desktop at least you can copy your files to the other installation to use its key. With Android's app data protection, you can't utilize that approach without root permissions.

I can just use the WireGuard or OpenVPN app with a custom config, sure, but being able to somehow manage this within the Mullvad app is beneficial from a usability standpoint.

I'm not sure what the best way to implement such a feature is, since the private key lives in app data that can't be accessed by other installations. It could be possible to save it to obb which I believe should be shared between profiles, though I recall that directory being locked down in recent versions; its intention was to share bulky and split packages and other data so that they can be reused without redownloading. I am also not sure if it works across user profiles, but I don't think it does.

faern commented 1 year ago

The device concept and removal of the WireGuard key view is already in the stable app on desktop.

> Reintroduce WireGuard key import

I don't understand this title. We have never supported importing keys into the Android app. You could view your current public key and force a key rotation, but never set the key to something. So I'm not sure exactly what functionality you want reintroduced.

sevmonster commented 1 year ago

> I don't understand this title. We have never supported importing keys into the Android app. You could view your current public key and force a key rotation, but never set the key to something.

I distinctly remember, a long time ago, doing something similar with regard to the desktop app—but it's entirely possible I may have been going through the filesystem and not the app to do so. With that I must have worked it in my head that it was a feature of the Android app without having used it before...

Anyway, I will recontextualize my issue. Sorry for the confusion.

lzlrd commented 2 months ago

Would like to double down on this.

If cross-profile network communication is permitted (don't see why it wouldn't be, however), maybe redirecting traffic to the app in the default/main/primary profile which then communicates with Mullvad would work? APIs exist for apps to detect if they're in a work profile and share information between them (the user can enable/disable this from Settings).

I know it's a tricky ask (a lightweight client/server model will need to be designed, etc.), but with Private Space dropping in Android 15 (see https://lifehacker.com/tech/how-new-private-space-works-on-android-15) this will be more useful than ever (note: Private Space uses similar functionality to Work Profiles).

sevmonster commented 2 months ago

Thanks for the call-out on Private Space. It would be arguable about Shelter/work profiles on whether or not such a feature would be useful, but with Private Spaces being added as a first-party feature, I imagine many users besides us will run into this exact scenario with it.

Your suggestion on an API I don't believe is workable, at least not currently. I believe the network is completely isolated between work/normal apps. I am not an Android dev though so I could be wrong. If I am and it were possible, I would imagine such a feature would be useful for work profiles as well as the upcoming Private Space feature.

lzlrd commented 2 months ago

@sevmonster, just on the network isolation - I'm able to host an FTP server in Private Space (via the Material Files app) with it being accessible from the Default profile and vice versa.