I am analyzing Android VPN applications(e.g., Hola**) permissions usage. It is stated, as far as Google official manual(http://developer.android.com/reference/android/Manifest.permission.html), that a VPN application must use BIND_VPN_SERVICE permission but Hola does not stat it in its Manifest file. I want to know why it does not use this permission and how it (or in general VPN apps) offers VPN service?
** Hola's permissions in Manifest file:
I want to know why it does not use this permission
Because it does not need the permission, which is good because it cannot hold the permission. BIND_VPN_SERVICE is a signature-level permission.
Quoting the documentation for BIND_VPN_SERVICE, with emphasis added:
Must be required by a VpnService, to ensure that only the system can bind to it.
Where you should find BIND_VPN_SERVICE in an app's manifest is not in a <uses-permission> element, but rather in an android:permission attribute on a <service> element for the VpnService implementation. The app is defending a component using a permission, not using the permission to talk to other apps.