NetGuard

Verified safe
Exclusive | Open source | Tools | Psychopath
v1.1.5 (6)
Published Apr 23, 2026
18.18 MB
Android 8.0+
71
arm64-v8a
What's New
https://github.com/KOKosaaaa/NetGuard/compare/v1.1.4...v1.1.5/
Description
Android VPN client built for privacy, security, and stealth. Powered by xray-core.

What makes NetGuard different

Most VPN clients (v2rayNG, Hiddify, v2rayTUN) are great tools, but they share common weaknesses: credentials sitting on disk, open local SOCKS ports, IP leaks during network switches, and package names that scream "VPN" to any DPI system. NetGuard was designed to fix all of that.

Zero-leak network switching

When you switch between WiFi and mobile data, typical clients tear down the entire VPN tunnel and reconnect from scratch. During that window your real IP leaks. NetGuard keeps the TUN interface alive and only restarts the internal xray + tun2socks processes. Packets are black-holed until the tunnel is back up — zero leak window.

Ephemeral authenticated SOCKS5

Every connection generates a fresh random port, a UUID username, and a 32-character random password for the local SOCKS5 bridge between tun2socks and xray. Credentials are cleared from memory on disconnect or network reconnect (they are kept alive during a session so that internal speed-test / service-test requests can reauthenticate through the HTTP bridge). Even if another app scans localhost ports, it cannot authenticate without the ephemeral password.

Config minimally exposed on disk

The xray JSON config (containing server credentials, UUIDs, passwords) is written to app-private internal storage only long enough for xray to read it, then immediately unlink()ed once the SOCKS inbound is up. No config.json is kept across sessions, and it is never visible to other apps. Note that on ext4/F2FS the underlying blocks may persist until overwritten — this is a brief-exposure design, not a never-on-disk one.

Built-in security self-test

9 automated checks that run against your own device:

- Open SOCKS5/HTTP proxy ports (10808, 1080, 8080, etc.)
- Xray gRPC API exposure
- Clash REST API exposure
- /proc/net/tcp analysis for unexpected listeners
- VPN transport flag detection
- MTU informational report (non-decisive — see self-test details)
- Package name stealth analysis

Evil Twin WiFi protection

Stores SSID+BSSID pairs for trusted WiFi networks. When connecting to a WiFi with a known SSID but unknown BSSID (possible Evil Twin attack), automatically enables VPN and sends a warning notification.

Service availability testing

Test which services actually work through each server — YouTube, Telegram, Instagram, ChatGPT, Discord, Google, X/Twitter, Spotify. See a score like "3/8" before you connect.

Stealth branding

Package name com.smarttools.netguard, notification says "Connection active / Network service is running" — no mention of VPN or proxy anywhere visible to system-level inspection.

Features

Protocols: VLESS (+ REALITY), VMess, Trojan, Shadowsocks, Hysteria2

Transports: TCP, WebSocket, gRPC, HTTP/2, HTTP Upgrade, SplitHTTP, KCP, QUIC

- Connection Map: Animated world map showing the arc from user to server.
- Speed Test: Download, upload, and ping through the VPN tunnel using OkHttp and raw SOCKS5.
- Wi-Fi Auto-Connect: Automatically enables the VPN on untrusted Wi-Fi and includes Evil Twin detection.
- Material You: Dynamic color theme on Android 12 and newer.
- Per-App Routing: Supports whitelist, blacklist, and disabled modes.
- Auto-Select Best Server: Pings all servers over TCP and connects to the fastest one.
- Subscription Management: Auto-updates subscriptions through WorkManager on a 6, 12, 24, or 48 hour schedule.
- QR Code: Scan with ML Kit and CameraX, and generate codes with ZXing.
- Deep Link Import: Supports vless://, vmess://, trojan://, ss://, and hy2:// links.
- Traffic Stats: Real-time speed plus session, daily, weekly, and total counters.
- Home Screen Widget: One-tap connect and disconnect.
- Quick Settings Tile: Android 7.0+ notification panel toggle.
- Boot Auto-Connect: Reconnects to the last server after device restart.
- DNS: Custom primary and secondary DNS, with optional DoH through the proxy.
- Routing Modes: Global proxy, rule-based with RU direct, and direct mode.
- LAN Bypass: Access local network devices while connected.
- Themes: Dark, Light, OLED Black, Ocean, and Dynamic Material You.
- Languages: 17 languages.
- Backup / Restore: Export and import the full config as JSON.
- Log Viewer: Real-time xray logs with automatic credential redaction.

Security hardening

- Not vulnerable to the April 2026 VLESS local-SOCKS leak affecting Happ, v2rayTUN, Hiddify, v2rayNG, NekoBox and others. No unauthenticated local SOCKS5 inbound is ever exposed — both internal bridges (SOCKS5 for tun2socks, HTTP for internal speed/service tests) require the ephemeral 32-char password. See Ephemeral authenticated SOCKS5 above.
- Honest caveat on password surface. The SOCKS5 username and password are passed to the tun2socks helper process via command-line arguments, so they appear in /proc/<tun2socks_pid>/cmdline. On modern Android this file is protected by SELinux app_data_file contexts and hidepid, so other apps cannot read it, but a rooted attacker or the same-uid process can. The password is ephemeral per session, so disclosure only compromises the current tunnel's local bridge, not the server credentials. Migration to stdin / fd-based credential passing is tracked as a future hardening step.
- EncryptedSharedPreferences via androidx.security:security-crypto for small secrets (DB key material placeholder, credentials cache). Full database-level encryption via SQLCipher is on the roadmap — see Known limitations below.
- Log redaction — UUIDs, passwords, Bearer tokens masked automatically
- SSRF protection — private/loopback/link-local IPv4 and IPv6 blocked in profile parser
- Tapjacking protection on critical buttons (filterTouchesWhenObscured)
- Deep link validation with confirmation dialog
- Atomic file writes (temp + rename pattern)
- No cleartext traffic (except speed test domains through VPN tunnel)
- No backup (android:allowBackup="false")
- DNS leak prevention — all port 53 traffic forced through proxy
- DNS address validation — loopback, private ranges and garbage strings rejected before they reach xray
- Input size limits on URIs, subscriptions, imports
- Evil Twin WiFi detection (SSID+BSSID pair validation)

Known limitations

- Room database is currently plain, despite earlier wording. The SQLCipher dependency was declared but never wired as the Room SupportFactory, and the app deletes any previously-encrypted DB on first launch of a new version (see AppDatabase.deleteEncryptedIfNeeded). Profile data is already re-fetchable from subscriptions, so this is low-impact, but a proper SQLCipher integration is tracked as future work.
- androidx.security:security-crypto was deprecated by Google in 2024. The 1.1.0-alpha06 release still works on current Android, but Android 15/16 may change backing-store behaviour without backward-compatibility guarantees. Migration path: move to java.security.KeyStore.getInstance("AndroidKeyStore") directly, generate the AES-256 key via KeyGenerator, and store ciphertext in plain SharedPreferences. Tracked, not urgent.
- tun2socks credential exposure. See Security hardening → honest caveat on password surface above.

License

This project is provided as-is for personal use.
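The self-test item "/proc/net/tcp analysis for unexpected listeners" depends on decoding the kernel's socket table. The Python below is an added example, not NetGuard's code: it decodes that table and flags listeners worth reporting. The sample rows, the uid values and the policy in `unexpected_listeners` are constructed assumptions.

```python
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN state code in /proc/net/tcp
PROXY_PORTS = {10808, 1080, 8080}  # ports named in the self-test list

# Constructed sample in /proc/net/tcp layout, not captured from a device.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2A38 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10245        0 40001 1
   1: 0100007F:C3D1 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10312        0 40002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10245        0 40003 1
   3: 0F02000A:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10312        0 40004 1
"""


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 word is in host order (little-endian on arm64/x86)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(proc_net_tcp):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != LISTEN:
            continue
        ip, port = decode_addr(cols[1])
        found.append((ip, port, int(cols[7])))
    return found


def unexpected_listeners(proc_net_tcp, own_uid, expected_ports=()):
    """Flag listeners that a local-proxy audit should report, with the reasons."""
    findings = []
    for ip, port, uid in listeners(proc_net_tcp):
        reasons = []
        if port in PROXY_PORTS:
            reasons.append("well-known proxy port")
        if ip == "0.0.0.0":
            reasons.append("bound to all interfaces")
        if uid == own_uid and port not in expected_ports:
            reasons.append("own uid, port not expected")
        if reasons:
            findings.append((ip, port, uid, reasons))
    return findings
```

IPv6 listeners live in /proc/net/tcp6 with 32-hex-digit addresses and are not decoded here. Android 10 and later restrict app access to /proc/net, so an empty read inside an app sandbox is not proof that nothing is listening.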
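The "SSRF protection" and "Input size limits" items above come down to classifying the host of an imported share link before anything connects to it. The following Python is an added example, not the app's parser; the function names, the 8192-character limit and the treatment of numeric host names are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# URI-style share links only; vmess:// and legacy ss:// carry base64 payloads
# that must be decoded before the host can be checked.
URI_SCHEMES = {"vless", "trojan", "hy2"}
MAX_URI_LEN = 8192  # assumed limit; the page does not state the real value


def blocked_reason(host):
    """Return why a host must be rejected, or None if it is acceptable."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        labels = host.rstrip(".").split(".")
        if labels == ["localhost"]:
            return "loopback name"
        # "127.1", "2130706433", "0x7f.0.0.1": some resolvers read these as IPv4.
        if all(l.isdigit() or l.startswith("0x") for l in labels):
            return "ambiguous numeric host"
        return None
    # Unwrap ::ffff:a.b.c.d so a mapped IPv4 address is judged as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    checks = (("loopback", ip.is_loopback), ("link-local", ip.is_link_local),
              ("unspecified", ip.is_unspecified), ("private", ip.is_private))
    return next((name for name, hit in checks if hit), None)


def validate_profile_uri(uri):
    """Return (host, port) for an acceptable share link, else raise ValueError."""
    if len(uri) > MAX_URI_LEN:
        raise ValueError("URI too long")
    parts = urlsplit(uri)
    if parts.scheme not in URI_SCHEMES:
        raise ValueError("unsupported scheme")
    host, port = parts.hostname, parts.port  # .port raises ValueError on junk
    if not host or not port:
        raise ValueError("missing host or port")
    reason = blocked_reason(host)
    if reason:
        raise ValueError(f"blocked address ({reason}): {host}")
    return host, port
```

A host name that passes here can still resolve to a private address, so the resolved address needs the same check before connecting.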