celzero
RethinkDNS does not autostart on GrapheneOS (completely unrestricted internet for all apps if using SIP telephony)
GrapheneOS does not autostart when booting up GrapheneOS. I believe this is the root of #2218, but boot-up is a more clear-cut case. I reproduced it on a fresh device:
- Install GrapheneOS on a Pixel 8a, relock the bootloder, and update the OS.
- Do other testing, then factory reset it.
- Install Fdroid and Aurorastore in owner profile, add the repos, self-update
- Install RethinkDNS from Fdroid. Grant it unlimited battery permission (because the popup doesn not work).
- Start up RethinkDNS and grant all the popups, until it is well-established as VPN lockdown provider.
- Restore the config from #2224
- reboot, unlock owner profile
Expected behavior: RethinkDNS autostarts Actual behavior: RethinkDNS does not start - but at least both Android and RethinkDNS give me a warning notification. Internet is blocked for all apps.
Next,
- install and configure Linphone / Rethinkdns as in #2214
- uncheck VPN lockdown mode in Android settings - else SIP protocol cannot connect
- reboot, unlock owner profile
Expected behavior: RethinkDNS autostarts, blocks as configured Actual behavior: RethinkDNS does not start, and all app have completely unrestricted internet access
Version: RethinkDNS v0.5.5t fdroid, GrapheneOS build 2025091000.
@ignoramous, @hussainmohd-a - FYI, re validity of P0 - rdns starts just fine for me in multiple configurations on multiple GOS devices (and not only GOS).
It includes:
- v0.5.5t and v0.5.5n
- WiFi-only and/or cellular
- WG (different providers, free and non-free) and orbot (as https/socks proxy)
- all types of user profiles (owner and not) as well as private space all seems to be OK
@t-j-b - just in case, try to check check with "Auto-start on power-up" set to OFF (I think it's OFF by default) I don't know (haven't checked) if you really need it ON if rdns is set to aways-on/killswitch in system.
Just in case it's relevant, I have both rdns and orbot set in system as unrestricted for both battery and background data.
Reproduce the same behavior on a Pixel 7 with GOS. I have autostart on power-up turned on. used Version v0.5.5u com.celzero.bravedns versionCode 30000053
GrapheneOS does not autostart when booting up GrapheneOS. I believe this is the root of #2218, but boot-up is a more clear-cut case. I reproduced it on a fresh device:
- Install GrapheneOS on a Pixel 8a, relock the bootloder, and update the OS.
- Do other testing, then factory reset it.
- Install Fdroid and Aurorastore in owner profile, add the repos, self-update
- Install RethinkDNS from Fdroid. Grant it unlimited battery permission (because the popup doesn not work).
- Start up RethinkDNS and grant all the popups, until it is well-established as VPN lockdown provider.
- Restore the config from Work profile apps become uneditable by reinstalling them after backup/restore cycle #2224
- reboot, unlock owner profile
Expected behavior: RethinkDNS autostarts Actual behavior: RethinkDNS does not start - but at least both Android and RethinkDNS give me a warning notification. Internet is blocked for all apps.
Next,
- install and configure Linphone / Rethinkdns as in SIP client (SIP/TLS/SRTP) cannot connect under Always-on VPN + Lockdown #2214
- uncheck VPN lockdown mode in Android settings - else SIP protocol cannot connect
- reboot, unlock owner profile
Expected behavior: RethinkDNS autostarts, blocks as configured Actual behavior: RethinkDNS does not start, and all app have completely unrestricted internet access
Version: RethinkDNS v0.5.5t fdroid, GrapheneOS build 2025091000.
I think its Android 16 problem. Dosent autostart on Samsung aswell after update.
Husain is looking into this rather strange issue. His preliminary assessment is that it is likely that there's something up with Rethink rather than with Android.
I still use 0.5.5n because I can't find a single use case where it fails. Rethink works flawlessly as expected, this app is bloody awesome!
I use it on a Samsung A34 and today I tried to update to 0.5.5u to discover the new and/or improved features. Everything still works fine as before except the most important thing : It does not autostart anymore and there's a notification stating that fact.
In October I was still using Android 15 and updated to Android 16 around the 10th. No issue with Rethink, as long as it stayed at version 0.5.5n. Thankfully I made a backup of the config so I could safely downgrade back to 0.5.5n, which I've done and I'm back to fully functional, including autostart 😄
I haven't tested any release between 0.5.5n and 0.5.5u. If it of some interest to you (ie: figuring which release started to not autostart), feel free to ask and I'll find the time to test.
It does not autostart anymore and there's a notification stating that fact ... If it of some interest to you (ie: figuring which release started to not autostart), feel free to ask and I'll find the time to test.
@hussainmohd-a found this hard to track bug (yeah, it is a change in Android's behaviour and nothing that Rethink did any differently)... and has fixed it. Will be part of v055v, due soon-ish.
There's obviously something in Rethink somewhere between v0.5.5n and v0.5.5u that Android didn't like. I'm using Android 16 release 2025121201 with 20251205 security update on GOS Pixel9 and Android 16 release 20251208 with 20251201 security update on the Samsung A34. In both cases, not only Rethink v0.5.5n auto-starts perfectly on boot without issue but also blocks everything as intended in VPN lockdown mode. I verified this on my LAN by blocking the outbound traffic on both phones and using tshark on the gateway to see what happens. Nothing gets of the phone, no packet hits the gateway except a single connection on port 80 on the gateway IP.
With v0.5.5u, obviously, Rethink not auto-starting let all the cats out of the bag and all the crap from the Samsung phone (Google and Samsung stuff) is spilled and really eager to phone home. GOS, on the other hand is highly sparse and discreet on that front 😄
Nonetheless, congrats on finding this hard to track bug, you guys really rock.