The Third Beta of Android 17 (new VPN feature)

Encounter5729 · March 26, 2026, 8:45pm

VPN app exclusion settings
By using the new ACTION_VPN_APP_EXCLUSION_SETTINGS Intent, your app can launch a system-managed Settings screen where users can select applications to bypass the VPN tunnel.

val intent = Intent(Settings.ACTION_VPN_APP_EXCLUSION_SETTINGS)
if (intent.resolveActivity(packageManager) != null) {
    startActivity(intent)
}

Wondering whether this mean selecting the ‘Block connections without VPN’ option will finally work with split-tunneling.

Other security/privacy feature (that weren’t unveiled before)

Enforced read-only dynamic code loading:

To improve security against code injection attacks, Android now enforces that dynamically loaded native libraries must be read-only. If your app targets Android 17 or higher, all native files loaded using System.load() must be marked as read-only beforehand.

There are also quite a lot of features to improve the Desktop experience as Google looks to unveil Aluminum OS, a Desktop OS based on Android. Those include widget support for external displays and better picture-in-picture, who now works for full apps.

ignoramous · March 26, 2026, 9:50pm

Android enforced split-tunnel always has worked regardless of Android’s VPN Lockdown mode (“Block connections without VPN”).

Just that, previously, the 3p apps that can do so had to be explicitly “whitelisted” / allowlisted in code at build time by the OEM.^[1] This is besides the fact that the OS itself, including System (1p & 2p) apps, those preinstalled by OEM / Vendor / Google, could always bypass VPN Lockdown mode: Show Android components that can bypass VPN even in lockdown mode · Issue #224 · celzero/rethink-app · GitHub

https://cs.android.com/android/platform/superproject/+/android-11.0.0_r3:frameworks/base/core/java/android/provider/Settings.java;l=6283-6291 ↩︎

Encounter5729 · March 26, 2026, 10:17pm

So this means user can now add apps to this internal restricted list ?

I guess some apps you are refering to is for example the hotspot detection app ?

ignoramous · March 27, 2026, 3:40pm

Seems like. Will have to look at the code/implementation to be sure.

Not sure if the "hotspot detection app " (or apps pre-installed by the Carriers / MNOs / MVNOs) are 3p apps (ie, not part of Android’s “System” partition), but if so, then yes… those kind of apps.

Encounter5729 · March 27, 2026, 8:11pm

Portal Captive app

Topic		Replies	Views
VPN + Firewall on Android Questions	14	2300	March 14, 2026
Android connectivity checks occur outside VPN tunnels Site Development completed	15	681	October 17, 2024
VPN bypass IP leak affecting all Android 16 devices General article	19	2054	May 12, 2026
What information about network connection can get the andriod application with full network access? General	7	966	May 30, 2024
Has anyone tried built-in VPN functionality on Android? General software	4	505	October 12, 2024

The Third Beta of Android 17 (new VPN feature)

Related topics