Mobile VPN Application

Tags: Kotlin, Koin, Dependency Injection, Android, Google Play Billing, StoreKit 2, OpenVPN, MVVM, Clean Architecture

Project Overview

Role: Mobile Developer (Android)

Platform: Android (Kotlin & Java)

Project Duration: July 2023 - October 2023

Developed a comprehensive VPN application for Android and iOS with secure VPN connectivity, real-time server selection, encrypted configuration management, and background connection handling. The application integrates subscription billing via Google Play Billing (Android) and StoreKit 2 (iOS) for cross-platform monetization.

User Interface Application

Disclaimer: All product names, logos, and brands are anonymized. Screenshots are used solely to demonstrate technical experience.

Key Responsibilities

VPN Core Implementation

  • Integrated OpenVPN library into Android application
  • Implemented VPN configuration parser to handle .ovpn files
  • Developed secure VPN profile management system
  • Created background worker for VPN connection handling using WorkManager

Network & API Integration

  • Designed and implemented encrypted API communication layer
  • Implemented secure session management with encrypted SharedPreferences
  • Developed real-time server selection mechanism

Technical Challenges & Solutions

Secure VPN Configuration Management

Problem:

  • VPN configuration files (OVPN) needed to be retrieved from server, stored securely, and parsed correctly
  • Configuration data contained sensitive server credentials
  • Files arrived with escaped characters that needed proper conversion

Solution:

  • API Layer: Encrypted data transmission from backend
  • Decryption: Custom decryption in RemoteDataSource
  • Processing: Converted escape sequences (\n → newline)
  • Storage: Encrypted storage in SharedPreferences
  • Retrieval: Decrypt on-demand when connecting

Technical Implementation:

  • Created ConfigParser integration to parse OpenVPN configuration
  • Implemented string-to-InputStream conversion for in-memory processing
  • Built secure session management with Gson serialization + encryption
  • Developed ID-based matching between servers and configuration files

Impact:

  • Zero configuration file exposure in plain text
  • Seamless configuration updates from backend

Background VPN Connection Handling

Problem:

  • VPN connections needed to work from multiple entry points (app, widget, notification)
  • Android VPN permission flow required careful state management
  • Connection needed to survive app lifecycle changes

Solution:

  • StartVpnJob: Coroutine worker for background processing
  • LaunchVPN Activity: Permission handling and user interaction
  • OpenVPNService: Foreground service for persistent connection

Technical Implementation:

  • Used WorkManager for reliable background execution
  • Implemented state machine for connection status tracking
  • Created service binding for VPN status monitoring
  • Built retry mechanism with exponential backoff

Impact:

  • Seamless widget and notification integration
  • Proper handling of permission edge cases

Server Selection & Matching

Problem:

  • Multiple servers with different configurations
  • Need to match server metadata with correct OVPN file
  • Support for recommended, last-used, and manual selection

Solution:

  • Fetch server list (appdetails API)
  • Fetch OVPN files (filedetails API)
  • Match by ID: server.id == ovpnFile.id
  • Store matched ConnectionData in session
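
The configuration pipeline and the ID match described above, as an added example for a plain JVM (not the project's code). The model fields, the AES-GCM choice standing in for the page's custom encryption, the in-process key and the `remote` check are all assumptions.

```kotlin
import java.util.Base64
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical models: only the id match (server.id == ovpnFile.id) comes from the page.
data class Server(val id: Int, val name: String)
data class OvpnFile(val id: Int, val escapedConfig: String)
data class ConnectionData(val server: Server, val sealedConfig: String)

// The profile arrives on one line with literal "\n" / "\r\n" sequences.
fun unescapeConfig(raw: String): String = raw.replace("\\r\\n", "\n").replace("\\n", "\n")

// AES-GCM, output Base64(iv || ciphertext || tag); the provider picks a fresh 12-byte IV per call.
fun seal(plain: String, key: SecretKey): String {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding").apply { init(Cipher.ENCRYPT_MODE, key) }
    return Base64.getEncoder().encodeToString(cipher.iv + cipher.doFinal(plain.toByteArray()))
}

// Throws AEADBadTagException if the stored value was modified.
fun unseal(blobB64: String, key: SecretKey): String {
    val blob = Base64.getDecoder().decode(blobB64)
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, blob, 0, 12))
    return String(cipher.doFinal(blob, 12, blob.size - 12), Charsets.UTF_8)
}

// Servers with no matching profile, or a profile that names no remote, are dropped, not guessed.
fun matchAndSeal(servers: List<Server>, files: List<OvpnFile>, key: SecretKey): List<ConnectionData> {
    val byId = files.associateBy { it.id }
    return servers.mapNotNull { s ->
        val cfg = byId[s.id]?.let { unescapeConfig(it.escapedConfig) } ?: return@mapNotNull null
        if (cfg.lines().none { it.trim().startsWith("remote ") }) return@mapNotNull null
        ConnectionData(s, seal(cfg, key))
    }
}

fun main() {
    val key = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey() // stand-in for device key storage
    val servers = listOf(Server(1, "sg-01"), Server(2, "jp-01")) // constructed sample data
    val files = listOf(OvpnFile(1, "client\\ndev tun\\nremote 203.0.113.10 1194 udp\\n"))
    val session = matchAndSeal(servers, files, key)
    check(session.map { it.server.id } == listOf(1)) // server 2 has no profile
    check(seal("x", key) != seal("x", key)) // fresh IV each time
    val config = unseal(session[0].sealedConfig, key)
    check(config.lines().take(3) == listOf("client", "dev tun", "remote 203.0.113.10 1194 udp"))
    check(config.byteInputStream().bufferedReader().readLine() == "client") // string to InputStream
}
```
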

Technical Implementation:

  • Built filtering system for server selection
  • Implemented caching strategy for server list
  • Created ConnectionData model for active connection state
  • Developed fallback mechanism for server unavailability

Impact:

  • Instant server switching
  • Reduced API calls by 40% through caching
  • Improved user experience with smart recommendations

Data Encryption & Security

Problem:

  • Sensitive data (tokens, OVPN configs, user credentials) stored locally
  • Need to comply with security best practices
  • Balance between security and performance

Solution:

  • API Level: Encrypted response from backend
  • Transport: HTTPS with certificate pinning
  • Storage: Custom encryption before SharedPreferences
  • Runtime: Decrypt only when needed, clear from memory

Technical Implementation:

  • Created encryption/decryption utility functions
  • Implemented secure key management
  • Added ProGuard rules for code obfuscation

Impact:

  • Passed security audit
  • No data leakage incidents
  • Minimal performance overhead (<50ms)

Collaboration with Backend Engineer

API Design & Integration

Collaborative Process:

  • API Contract Definition

    • Worked with backend team to define RESTful endpoints
    • Agreed on encrypted response format for sensitive data
    • Established error codes and handling mechanisms
  • Data Structure Alignment

    • Backend provides:

      • Encrypted OVPN configurations
      • Server metadata with matching IDs
      • User profile with tier information
    • Mobile implements:

      • Decryption layer
      • Data validation
      • Error handling and retry logic
