arxiv: 2605.01569 · v1 · submitted 2026-05-02 · 💻 cs.NI · cs.CR

Recognition: unknown

ShieldShare: Building a VPN-backed Android Hotspot for Secure Internet Sharing with Per-User Traffic Accounting

Carlos Semeho Edorh, Dawood Sajjadi, Hanchen Ye, Jialu Bi, Maryam Tanha

Authors on Pith no claims yet

Pith reviewed 2026-05-09 17:43 UTC · model grok-4.3

classification 💻 cs.NI cs.CR

keywords Android VPNhotspot sharingper-user traffic accountingproxy forwardingno-root accesssecure internet sharingVPN tunnelingbandwidth metering

0 comments

The pith

ShieldShare lets Android devices share a VPN connection over the hotspot with accurate per-user traffic tracking and no root access needed.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper builds a proxy-based Android app called ShieldShare that routes hotspot client traffic through an active VPN while separately metering how much data each client uses. It addresses the gap where mainstream VPN apps limit devices and Android's built-in hotspot does not support VPN routing at all. A sympathetic reader would care because this setup makes secure, monitored sharing possible in households, activist groups, or regions with surveillance, all without requiring device administrator privileges. The system combines VPN detection, hotspot control, multi-protocol proxy forwarding, and quota tracking into one installable app released as open source.

Core claim

ShieldShare is a modular proxy-based Android application that enables secure VPN-backed hotspot sharing with per-user traffic accounting without requiring root access. Its architecture includes VPN detection, hotspot management, proxy-based traffic forwarding that supports HTTP, HTTPS, and SOCKS5, and comprehensive traffic metering with quota management. Evaluation confirms that the system reliably routes client traffic through VPN tunnels while preserving accurate per-client bandwidth allocation and accounting.

What carries the argument

Proxy-based traffic forwarding layer that intercepts hotspot client connections and routes them through the device's VPN tunnel while logging bandwidth usage separately for each client.

If this is right

Activists and journalists gain a practical tool for controlled secure internet access in high-surveillance settings.
Households and community networks can share one paid VPN subscription with usage visibility for each member.
Open-source release allows others to inspect, extend, or deploy the system for further real-world testing.
Accurate per-client accounting opens the door to quota enforcement in shared environments.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same proxy approach could be adapted to other mobile operating systems that expose similar hotspot and VPN APIs.
If widely adopted, it might push VPN providers to add native multi-device sharing features instead of strict device limits.
Integration with community mesh networks could allow paid VPN access to be resold with transparent usage tracking.
Long-term deployment data from real censored regions would reveal how well the system handles evolving traffic obfuscation techniques.

Load-bearing premise

A user-space proxy running without root can fully and securely forward every type of client traffic through the VPN while keeping per-user metering accurate and without creating unaddressed performance or compatibility problems.

What would settle it

A test that connects clients running UDP-based apps or non-proxyable protocols and checks whether all their traffic is captured by the VPN and whether the reported per-client byte counts match independent measurements from the VPN service.

Figures

Figures reproduced from arXiv: 2605.01569 by Carlos Semeho Edorh, Dawood Sajjadi, Hanchen Ye, Jialu Bi, Maryam Tanha.

**Figure 1.** Figure 1: ShieldShare’s three-layer structure: UI Layer with Dashboard and Settings at top; Business Logic Layer in middle with VPN Manager, Hotspot view at source ↗

**Figure 2.** Figure 2: Throughput Comparison under 5 Clients. Error bars indicate view at source ↗

read the original abstract

Virtual Private Networks (VPNs) have become essential privacy tools for mobile users, yet current implementations face significant limitations in shared environments. Mainstream VPN providers impose device limits, while Android's native hotspot functionality lacks support for routing shared traffic through VPN connections. Existing solutions either require root access or lack comprehensive monitoring capabilities. This paper presents ShieldShare, a proxy-based Android application that enables secure VPN-backed hotspot sharing with per-user traffic accounting without requiring root access. Our system employs a modular architecture comprising VPN detection, hotspot management, proxy-based traffic forwarding supporting HTTP, HTTPS, and SOCKS5, and comprehensive traffic metering with quota management. Our evaluation shows that ShieldShare reliably routes client traffic through VPN tunnels while maintaining accurate per-client bandwidth allocation and accounting. This enables affordable, community-controlled secure access in censored or high-surveillance environments, benefiting activists, investigative journalists, and shared household networks. We release ShieldShare as open-source software to support further research and real-world deployment.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

ShieldShare gives a practical rootless Android hotspot that routes through VPN with per-user metering, but the evaluation supplies no data to confirm the reliability claims.

read the letter

ShieldShare is a rootless Android app that turns a phone into a VPN-routed hotspot while tracking traffic per connected user. The core contribution is making shared secure access feasible without root or device limits from commercial VPNs. The architecture stands out for combining hotspot management, VPN integration, and a proxy layer for HTTP, HTTPS, and SOCKS5 traffic, plus built-in metering and quotas. Releasing the code openly helps others build on it or deploy it for groups like journalists in restricted areas. This fills a documented gap in Android's native capabilities. The evaluation is the weak point. The abstract states that it reliably routes traffic and maintains accurate per-client accounting, but the description gives no test methodology, numbers on accuracy, or handling of edge cases like multiple users or mixed traffic. Without those, the claims rest on the architecture alone. Because it's proxy-based rather than transparent, clients must configure their apps to use the proxy. This leaves UDP-based or non-proxy apps to potentially bypass the VPN and the accounting. The paper would be stronger if it quantified how much real-world traffic this setup actually captures. This work suits readers focused on practical mobile security tools and privacy in constrained environments. It is not advancing fundamental networking concepts but offers a deployable system. The implementation and open-source aspect make it worth a serious referee's time. I would send it to peer review with requests for expanded evaluation results and clearer discussion of protocol limitations.

Referee Report

2 major / 2 minor

Summary. The paper presents ShieldShare, a proxy-based Android application enabling VPN-backed hotspot sharing with per-user traffic accounting without root access. It describes a modular architecture with VPN detection, hotspot management, proxy forwarding for HTTP/HTTPS/SOCKS5, and traffic metering with quotas. The central claim is that evaluation demonstrates reliable client traffic routing through VPN tunnels alongside accurate per-client bandwidth allocation and accounting; the system is released as open-source.

Significance. If substantiated, the work offers a practical root-free tool for secure shared internet access in censored or surveillance-heavy settings, benefiting activists, journalists, and households. The open-source release is a clear strength supporting reproducibility and extension. However, the assessed significance is limited by the absence of supporting evaluation data and incomplete coverage of traffic types.

major comments (2)

[Evaluation] Abstract and Evaluation section: the claim that 'Our evaluation shows that ShieldShare reliably routes client traffic through VPN tunnels while maintaining accurate per-client bandwidth allocation and accounting' is unsupported because no test methodology, quantitative metrics, error rates, baselines, or edge-case results are supplied. This is load-bearing for the central claim.
[Architecture] Architecture section: proxy-based forwarding is restricted to HTTP, HTTPS, and SOCKS5 with manual client configuration required. The headline claim of routing 'client traffic' does not address bypass risks for non-proxy-aware flows (UDP, QUIC, raw sockets, many games/VoIP), which cannot be transparently intercepted or metered without root on Android, undermining both security and per-user accounting guarantees.

minor comments (2)

The abstract should explicitly state that clients must be manually configured to use the proxy, to prevent readers from inferring transparent interception for all traffic.
[Related Work] Related work would benefit from additional citations on Android VPNService limitations and existing non-root tethering solutions.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on our manuscript describing ShieldShare. The comments highlight important areas for improving the substantiation of claims and precision of scope. We address each major comment below and indicate the planned revisions.

read point-by-point responses

Referee: Abstract and Evaluation section: the claim that 'Our evaluation shows that ShieldShare reliably routes client traffic through VPN tunnels while maintaining accurate per-client bandwidth allocation and accounting' is unsupported because no test methodology, quantitative metrics, error rates, baselines, or edge-case results are supplied. This is load-bearing for the central claim.

Authors: We agree that the current Evaluation section provides insufficient detail to fully support the central claim. The manuscript references evaluation results but does not include the requested elements such as explicit test methodology, quantitative metrics with error rates, baselines, or edge-case analysis. In the revised version, we will substantially expand the Evaluation section with a detailed description of the experimental setup (devices, VPN configurations, traffic generators, and measurement tools), specific results including routing reliability percentages, accounting accuracy (e.g., measured vs. actual bandwidth with error bounds), baseline comparisons, and handling of edge cases like varying loads and protocol mixes. The abstract will be updated to reflect only the substantiated findings. revision: yes
Referee: Architecture section: proxy-based forwarding is restricted to HTTP, HTTPS, and SOCKS5 with manual client configuration required. The headline claim of routing 'client traffic' does not address bypass risks for non-proxy-aware flows (UDP, QUIC, raw sockets, many games/VoIP), which cannot be transparently intercepted or metered without root on Android, undermining both security and per-user accounting guarantees.

Authors: The manuscript's Architecture section already specifies that forwarding is limited to HTTP, HTTPS, and SOCKS5 with manual client proxy configuration. We acknowledge that non-proxy-aware flows (UDP, QUIC, raw sockets, many games and VoIP applications) cannot be intercepted or accounted for without root access on Android, creating potential bypasses. This is an inherent limitation of any rootless proxy-based approach. We will revise the abstract, introduction, and architecture sections to precisely scope the system to proxy-configured traffic only, rather than implying coverage of all client traffic. A new limitations subsection will explicitly discuss these bypass risks, their impact on security and accounting guarantees, and the conditions under which the system remains effective (e.g., controlled environments where clients can be configured). revision: partial

Circularity Check

0 steps flagged

No circularity: system implementation with empirical evaluation

full rationale

The paper presents ShieldShare as an Android application implementing proxy-based VPN routing and per-user metering. All claims rest on described architecture (VPN detection, hotspot management, HTTP/HTTPS/SOCKS5 forwarding, traffic metering) and reported evaluation results rather than any derivation chain, equations, fitted parameters, or self-referential predictions. No load-bearing steps reduce to self-definition, self-citation, or renaming; the work is self-contained as a practical systems contribution whose correctness is assessed externally via implementation and testing.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the domain assumption that Android platform APIs permit user-space proxy extension of VPN and hotspot functions for full traffic routing and metering. No free parameters or new invented entities are introduced.

axioms (1)

domain assumption Android's VPN and hotspot services can be extended via user-space proxy without root access to support full traffic routing and metering.
The modular architecture described depends on this platform capability and standard proxy protocols (HTTP, HTTPS, SOCKS5).

pith-pipeline@v0.9.0 · 5486 in / 1273 out tokens · 32448 ms · 2026-05-09T17:43:26.848443+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

12 extracted references

[1]

How many devices can I use with Nord- VPN?

NordVPN, “How many devices can I use with Nord- VPN?.” https://support.nordvpn.com/hc/en-us/articles/ 19476515228305-How-many-devices-can-I-use-with-NordVPN. Accessed: 2026-04-08

2026
[2]

Digital safety kit

Commitee to Protect Journalists, “Digital safety kit.” https://cpj.org/ 2019/07/digital-safety-kit-journalists/, 2024

2019
[3]

Internet censorship 101 for journalists in authoritarian regimes

RSF Resources for Journalists, “Internet censorship 101 for journalists in authoritarian regimes.” https://resources.rsf.org/ internet-censorship-101-for-journalists-in-authoritarian-regimes/, 2024

2024
[4]

Global (de)censorship report 2025: Freedom, protocols & technologies

Saropa Contacts News, “Global (de)censorship report 2025: Freedom, protocols & technologies.” https://shorturl.at/QgZGv, 2025

2025
[5]

VPNHotspot: Share your vpn connection over hotspot or repeater

Mygod, “VPNHotspot: Share your vpn connection over hotspot or repeater.” https://github.com/Mygod/VPNHotspot, 2025. Version v2.19.1 (latest release as of Jul 6, 2025)

2025
[6]

Every Proxy

Gorilla Software LLP, “Every Proxy.” https://www.everyproxy.co.uk,
[7]

Accessed: 2026-03-01

2026
[8]

I just hated it and i want my money back: Data-driven understanding of mobile VPN service switching preferences in the wild,

R. Raj, M. Newar, and M. Mondal, “I just hated it and i want my money back: Data-driven understanding of mobile VPN service switching preferences in the wild,” in33rd USENIX Security Symposium (USENIX Security 24), (Philadelphia, PA), pp. 6021–6037, USENIX Association, Aug. 2024

2024
[9]

All of them claim to be the best: Multi-perspective study of VPN users and VPN providers,

R. Ramesh, A. Vyas, and R. Ensafi, “All of them claim to be the best: Multi-perspective study of VPN users and VPN providers,” in32nd USENIX Security Symposium (USENIX Security 23), (Anaheim, CA), pp. 5773–5789, USENIX Association, Aug. 2023

2023
[10]

An analysis of the privacy and security risks of android vpn permission-enabled apps,

M. Ikram, N. Vallina-Rodriguez, S. Seneviratne, M. A. Kaafar, and V . Paxson, “An analysis of the privacy and security risks of android vpn permission-enabled apps,” inProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, vol. 14-16-November-2016, pp. 349–364, ACM, Nov. 2016

2016
[11]

Proton vpn android application

Proton AG, “Proton vpn android application.” https://github.com/ ProtonVPN/android-app, 2024. Source code analysis of VPN rout- ing implementation, specifically SettingsViewModel.kt and ComputeAl- lowedIPs.kt

2024
[12]

A quantitative measure of fairness and discrimination for resource allocation in shared computer systems,

R. Jain, D.-M. Chiu, and W. Hawe, “A quantitative measure of fairness and discrimination for resource allocation in shared computer systems,” Tech. Rep. DEC-TR-301, Digital Equipment Corporation, 1984

1984