The strongSwan VPN Client for Android does not collect any user data or transmit any data to us.
The app provides a feature to send the latest log file via email. The default email address configured for this is our contact address (the user is of course free to change it). Any log file sent to us by this means will be handled with care (log files do not contain any highly sensitive information in the first place).
Information shared with VPN Server Providers
|We don’t provide any VPN servers ourselves.|
The app does not share any information with VPN servers other than what users
configure in the VPN profiles themselves (username, password, client certificate,
user/server identities). All this data is sent encrypted. However identities are
sent before authenticating the server. Hashes of passwords (or the plaintext
EAP-GTC is used) are only sent after
successfully verifying the server’s certificate and identity.
CA Certificate Hashes
If the VPN profile is configured for automatic CA certificate selection, hashes of the public keys of all CA certificates installed on the device are sent to the server over the encrypted IKEv2 connection. If a specific CA certificate is selected, only its hash is sent. If a server certificate is selected, no certificate hashes are sent. Since 1.9.0, sending certificate requests may be disabled completely in the profile settings.
Traffic sent via VPN
VPN connections using EAP-TNC
If users connect to a VPN server that requires
only then), information about the user’s device may be shared with the server.
These are (depending on what the server requests) the Android version, a unique
device ID, the installed apps (name and version), open network ports, and whether
non-market apps may be installed on the device.