Handle external VPN revocation policy#638
Conversation
Local emulator test resultsTested the GitHub debug build from this PR on the local Passed: deliberate disable in Android VPN settingsWith TrackerControl active and configured as always-on, I disabled Always-on VPN through Android's real VPN settings UI. Observed:
This validates the safety-critical direction: a user disabling TrackerControl in system settings is respected rather than being undone by recovery/watchdog behavior. Passed with limitation: recovery while always-on remains configuredI re-enabled TrackerControl and Android's always-on setting, then induced a controlled crash of the debuggable app process. Observed:
The emulator did not automatically restart the crashed app, so this confirms that the preserved state permits recovery, but not that Android itself will always trigger that recovery immediately. Not reproducible in this emulator setupThe emulator exposes no shell command that produces a genuine transient Replacement by a second VPN was also not exercised because the AVD has no other VPN app installed. ConclusionThe deliberate-disable path behaves correctly, and recovery remains possible when always-on state is retained. The PR should remain draft until the transient-revoke timing is observed on a physical device (or reproduced with a dedicated second/test VPN). |
What changed
Why this is separate
This lifecycle behavior was split out of #617 because correctness depends on Android's
onRevoke()/ always-on-state timing and should be validated independently on real devices.Validation
./gradlew testGithubDebugUnitTest --tests eu.faircode.netguard.VpnRevokePolicyTestDevice validation still needed