Information we collect¶
The app strongSwan VPN Client for Android does not collect any user data or transmit any data to us.
The app provides a feature to send the latest log file via email. The default email address configured for this is our contact address (the user is, of course, free to change it). Any log file sent to us by this means will be handled with care (log files do not contain any highly sensitive information in the first place).
Information shared with VPN server providers¶
Important: We don't provide any VPN servers ourselves.
The app does not share any information with VPN servers other than what users configure in the VPN profiles themselves (username, password, client certificate, user/server identities). All this data is sent encrypted, however, identities are sent before authenticating the server. Hashes of passwords (or the plaintext password if EAP-GTC is used) are only sent after successfully verifying the server's certificate and identity.
CA certificate hashes¶
If the VPN profile is configured for automatic CA certificate selection, hashes of the public keys of all CA certificates installed on the device are sent to the server (encrypted). If a specific CA certificate is selected, only its hash is sent. If a server certificate is selected, no certificate hashes are sent. Since 1.9.0, sending certificate requests may be disabled completely in the profile settings.
Traffic sent via VPN¶
VPN connections using EAP-TNC¶
If users connect to a VPN server that requires EAP-TNC authentication (and only then), information about the user's device may be shared with the server. These are (depending on what the server requests) the Android version, a unique device ID, the installed apps (name and version), open network ports, and whether non-market apps may be installed on the device.