Does it allow split tunneling so you can blacklist/whitelist apps to go through VPN or not?
F-Droid
F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
Matrix space | forum | IRC
Yes on Android it allows permanently set split tunneling. Btw, all system apps CAN bypass the VPN if they want. Captive portal, connectivity check and possibly SUPL do this. So GrapheneOS, maybe distros with the same patches, the rest will send your IP to Google.
On Android root you can use Magisk modules to change the SUPL provider. Using an adb permission "captive portal control" can change the captive portal server.
But nothing can change the connectivity check, device attestation and whatnot, which still all go to Google.
Not in a comfortable way unfortunately.
You can launch an app through the Mullvad app which then will be launched bypassing the VPN until it is closed. You cannot permanently blacklist / whitelist specific apps to always / never be routed through the VPN.
Edit: Didn't see the community. On Android it seems to feature a whitelist for apps to not be routed through the app, which seems to be permanent. Not sure why the desktop version does not have that.
It already had split tunneling, didn't it?
Unfortunately still no multi-hop though. That's the reason why I'll stay with IVPN, I guess.
I'm just using Mullvad as is but yeah, kinda bummer.
What is the advantage? Its not Tor, dont the nodes know your full route?
I'm pretty sure the entry server doesn't know the destination, as WireGuard encrypts everything, and it wouldn't make sense for the entry node to already decrypt the traffic. It also protects against ISPs or other companies/institutions monitoring network traffic.
So it works like tor, with encryption layers?
I think so. But with Tor, you of course get the benefit that (ideally) all 3 nodes are run by different parties, which is not the case with multi-hop VPNs. They might be hosted by different server providers, but they are still all administered by the VPN provider.
ISP(and ultimately, authorities) will have harder time making ties with you and the server you visited.
Ignoring privacy features, its a great way to make up for bad internet routing, so I can connect to local mullvad server, then route my traffic to far away mullvad server, and get a better connection (latency, packet loss) then if i went directly.
Mullvad does support multi-hop when you generate a wireguard config (not in their app currently).
I know, but a static Wireguard config makes changing servers a pain in the butt. A native mobile app with multi-hop support is a must-have for me. Still, props to Mullvad for offering their service for just 5 EUR/month, including multi-hop (on Desktop). IVPN is 10 bucks, they have fewer servers and it can be kinda slow at times.