How are existing VPN applications creating new profiles in Android 2.0 - 2.3?

Question

After much searching on StackOverflow, it seems rooting a device in the only way to create a VPN profile pre-4.0

My question is how do the following apps do it without root?

http://www.featvpn.com/

https://play.google.com/store/apps/details?id=com.expressvpn.vpn&hl=en

Update 1

Seems private API is the way to go pre-4.0. Unfortunately, not many resources out there to get started. Does anyone know if private api still requires a rooted device?

Update 2

It seems you can do this using modified Android.jar or by using reflection. L2TP/IPSEC still requires rooted device. PPTP does not seem to.

How to use internal APIs on Android

Update 3

Please note, this is taken from various sources. It seems root is required because VpnService starts racoon, which then runs as a system user, and retrieves the PSK from the KeyStore. So KeyStore entries created by other apps aren't visible to racoon. (In linux environment, racoon is a security process assisting in IPSEC related key negotiations - IKE).

This makes sense, however, there are still applications which achieve L2TP/IPSEC without root.

Update 4

XinkVPN, source code to get started. Still does not allow users to create L2TP profile without user having to generate a key_store and recompile. Not very market friendly but a fabulous start.

https://github.com/xinthink/xinkvpn

http://code.google.com/p/xinkvpn/

Answer 1

you could just redirect the user to the VPN settings screen via an undocumented intent.

        Intent intent = new Intent("android.net.vpn.SETTINGS");
        intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        startActivity(intent);

This seems to work on 1.6-4.1 phones.