In the article 5 Best Android VPNs I discuss why you need a VPN for your Android device. I also discuss specific issues relating to using a VPN on Android, in addition to recommending some great VPNs for Android.
This article is therefore simply a guide on how to actually install a VPN on your Android phone or tablet.
Install a custom Android VPN app from Google Play Store
- You can sign-up for a VPN account first via the provider’s webpage. Once this has been done you will usually receive a Welcome email with a download link to the Google Play Store.
- Or you can download a VPN app directly from the Google Play Store and sign-up via an in-app purchase when the usual free trial expires. If taking this route, please be very careful to only download apps from reputable VPN providers. There are a lot of fake or actively malicious apps available through the Play Store.
To download and install a VPN app from the Google Play Store:
- Follow the link provided by your VPN service, or search the Google Play Store for a reputable VPN app.
- On the app’s download page it is always a good idea to read users’ comments in order to check that the app is legitimate. If you are satisfied, then select “Install.”
- Read through the Permissions the app requires on your device and ensure that you are happy with them. In-app purchases are needed to buy a subscription from within the app, and every VPN app will need access to your WiFi settings. No other permissions should be required. Touch “Accept” when you are ready to proceed.
The app will then download and install to your Android device. Once this is completed, launch the app and sign-in if required. Once in the app, simply select a VPN server you wish to connect to, and hit “Connect.”
OpenVPN Manual Setup for Android
OpenVPN is now the industry standard VPN protocol. It is the one that BestVPN.com recommends you use under almost all circumstances.
The main third-party OpenVPN apps for Android are OpenVPN Connect and the more fully featured and open source OpenVPN for Android (F-Droid version available). Below are instructions for configuring OpenVPN for Android, which now features full Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) and Web Real-Time Communication (WebRTC) leak protection.
- Download the OpenVPN configuration files from your VPN provider’s website. Unzip them (if required) and transfer to a folder on your Android device. Alternatively, download them directly to your Android device and unzip them with an app such as ZArchiver.
- Download, install and run OpenVPN for Android (if you haven’t already). Touch the + icon to the top right of the screen to Add Profile. Give the profile a suitable name, then hit “Import.”
- Navigate to the folder where you saved the unzipped OpenVPN config file(s), and choose a server (.ovpn file). Once imported, touch the tick ✔ icon to continue.
- Once done, you’ll see the server name under the Profiles tab. To start the VPN, just touch it. You can import .ovpn files for as many servers as you like, and they will show up here.
Many providers include all necessary keys and account information in customized .ovpn files, so no further configuration is needed. Others may require that you enter your account information and other details. Please see your provider’s documentation for specific instructions.
Optional (but recommended) additional OpenVPN settings
You can prevent IPv6 DNS leaks by telling OpenVPN for Android to properly route all IPv6 traffic over the VPN. To ensure this is enabled:
- Edit the specific VPN connection in the “Profiles” tab.
- Ensure that IPv6 -> Use default Route is checked. While you are here, also check that IPv4 leak protection is enabled (it should be by default).
Enable a kill switch
To configure OpenVPN for Android to act as a kill switch:
- Edit the specific VPN connection in the “Profiles” tab (see above).
- Go to the “Advanced” tab and check “Persistent Tun” and set “Connection retries” to Unlimited.
Sideload a custom Android VPN app via its .apk file
As I discuss in 5 Best Android VPNs, there are many reasons to de-Google your Android device. If you go this route, then most VPN will be happy provide you with an Android application package (.apk) file of their software that you can sideload to Android.
Note that sideloading files from outside the Play Store presents a security risk. So be sure to obtain the .apk from a reputable source – such a directly from your VPN provider. It can’t hurt to run a malware scan on it either. I recommend the Malwarebytes app for this.
- Download an Android file manager app. I recommend Solid Explorer.
- Download the .apk file to your device. You can download it directly from the web using your web browser, send it to your Android device as an email attachment, transfer it from a desktop computer via USB lead or USB stick, access it from your Dropbox account, or whatever….
IPVanish allows you to download the .apk direct from its website
- Find the downloaded file using a file explorer (or just select it in the drop-down Android notifications shade) and select “Install”. Once the app is installed simply open it.
Manually configure PPTP or L2TP/IPsec VPN settings
Android comes with a VPN client baked-in which supports the PPTP and L2TP/IPsec VPN protocols. For reasons discussed in detail in VPN Encryption: The Complete Guide, I always recommend using an OpenVPN app instead (via either a custom app or OpenVPN for Android).
Some users, however, like the fact that a PPTP or L2TP/IPsec VPN connection can be setup without the need to download a third party VPN app. Note that setup details may differ a little from the instructions below depending on what device and version of Android you are using.
- Go to your Android VPN Settings page. On my phone this is can be found at Settings -> Connections -> More connection settings -> VPN. Select “Add VPN.”
- Enter the PPTP or L2TP/IPsec settings given to you by your VPN provider. These settings are usually available on the setup pages of its website, or you can ask support. Touch “Save” when you are done.
Note that use of pre-shared keys is strongly frowned upon from a security perspective, although this is mitigated somewhat if accounts are secured using a unique username and password.
- On the VPN Settings page select the newly created VPN connection.
- Sign into your VPN account and hit “Connect”.
How do I know the VPN is working?
No matter what kind of VPN you use, Android will display a small key icon in the notification bar whenever the VPN is connected. This lets you know at-a-glance that you are protected.
Check for IP leaks
Android is much less susceptible to DNS and WebRTC leaks than desktop platforms. Once connected to the VPN (using whatever method), however, you should nevertheless check for IP leaks. Just in case.
Note that Private-Use – [RFCxxxx] IPs are local IPs only. They cannot be used to identify an individual or device, and so do not constitute an IP leak.
Using a dedicated VPN app from the Google Play Store is the easiest way to install a VPN on Android. Other methods, however, are hardly difficult.
Image credit: By novak.elcic/Shutterstock.