Once the app finishes installing, press the green “OPEN” button (shown above right) to launch it. This will bring up the login screen which is shown in the image on the left below. On this screen, you will need to enter the “Username” and “Password” from the welcoming email sent to you by Private Internet Access. Next, enter “your email address” in the appropriate field and tap the big green “LOG IN” button. You will notice the pricing on the image is $6.95 a month or $39.95 a year. Remember to use our VPNFan discount to save even more.
This will bring up a screen like the one shown in the middle above. This is the main connection screen for the Private Internet Access Android app. From this screen you can slide the connection slider right to connect to your chosen location. If you tap on the encircled greater than sign to the right of the current region (Automatic), it will bring up the location selection screen which is the last image above. As you can see, Automatic has a check and is outlined in a green box. This means that it is your chosen connection location. The locations are in alphabetical order and you can slide up and down through the list to find your location. Also note that the ping times are shown under each location to help you find the fastest one from your current location.
Now let us say you want to connect to Melbourne, Australia, just tap on the AU Melbourne location in the last screen above. This will set your current location to AU, Melbourne and return you to the main connection screen as shown in the first image below. To complete your connection to Melbourne, slide the status slider to the right. Since this is your first connection, you will see an attention screen like that shown in the second image below. You must trust the PIA VPN app and then tap “OK” for the connection process to continue.
You will then see an image like the third one above which indicates that the app is authenticating the server certificate before completing the connection. The last screen above shows that you are now connected to Melbourne. IP addresses are also shown on these screens but have been redacted for this review. Once you are connected, you have a new virtual IP as yours has been masked. Also, all of your Internet traffic is now securely encrypted. We have seen how to connect to a new location when you are not already connected to a VPN server. Now let us take a look at how you change locations using the Private Internet Access Android app. This process is illustrated in the below images.
The “?” icon in the upper right of the screen will bring up copyright information on the app and the components it uses. You can look at this if you want. The last thing that we want to examine for the Android app is the settings, which can be accessed by tapping the “gear” icon in the upper right of the screen below the “?” icon. The first of the settings, which are not shown, are account information and logout, which will log you out of your current VPN session. Note that if you log out you will have to re-enter your login credentials.
Sliding the screen up will reveal the connection settings which are shown in the below images.
The connection settings for the PIA Android app are as follows:
- Block local network – This will keep other machines from being able to communicate with your device if you are on a LAN (Local Area Network).
- Use TCP – There are two protocols that can be used with an OpenVPN connection.
  - UDP – This is the User Datagram Protocol, which is used with low latency connections that can tolerate some packet loss. This is the default OpenVPN protocol for the Private Internet Access Android app and best for most users. It does not have to check for packet order or loss but can do a checksum if desired.
  - TCP – This is the Transmission Control Protocol and is good for high latency connections and those which cannot tolerate any loss. It provides error checking for packet order and loss and resends packets if necessary. This makes it slower because of the extra overhead involved in error checking and resending of packets in the proper order.
- Remote Port – This lets you choose the remote port to tunnel data through as is shown in the middle image above.
  - Auto – This will choose the best port for you.
  - Port 1194 – This is the standard OpenVPN port.
  - Port 8080 – This is the alternative port to Port 80 for HTTP web services. It is commonly used as a proxy port.
  - Port 9201 – This is the port used for WAP (Wireless Application Protocol) services on mobile devices.
  - Port 53 – This is the port used by DNS for requests.
- Local port – This allows you to set a local port to send data through which is then redirected to the remote port.
- Internet kill switch – Once set, this will kill all Internet traffic from the device if the VPN connection is dropped.
  - It will restore Internet traffic once the connection starts up again.
  - Disabling the kill switch or exiting the VPN client will also restore normal Internet operation.
- Request Port forwarding – Turning this on allows you to set up an application and allow remote users to connect to it. The remote users must know the device name and the port number to successfully connect to it.
  - Port forwarding is only available through the following gateways: CA Toronto, CA North York, Netherlands, Sweden, Switzerland, France, Germany, Russia, Romania, and Israel.
  - Only do this if you are running a service that you want others to connect to from outside as it will kill your privacy.
- Use small packets – This transfers the data in smaller packets, which can fix some network issues with some firewalls or setups.
Below the connection settings are the encryption settings which are shown in the images below. The first of these is the data encryption which is shown in the first image. Tapping on the data encryption area will bring up a screen like that shown in the second image where you can select the level of encryption you want.
Data Encryption – This is the encryption used to encrypt and decrypt all of your Internet traffic once the initial secure tunnel has been established between your computer and a Private Internet Access VPN server. The four selections you can choose from are as follows:
- AES-128 – Advanced Encryption Standard (AES) is the National Institute of Standards and Technology’s (NIST) chosen protocol and the one used by the United States government for some secret documents. This one uses AES-128 CBC (Cipher Block Chaining) with a 128 bit key and will provide the best performance for most uses.
- AES-256 – This uses the same encryption algorithm as above. AES-256 CBC uses a 256 bit key and thus is more secure and slower. This is used by the US government for some top secret documents.
- Blowfish – This uses Blowfish-128 CBC with a 128 bit key as an alternate to AES. This is a secure algorithm and was one of the runners-up in the NIST standards competition.
- None – This does not encrypt your data and is not recommended as it only hides your IP, which means the VPN is being used as a pseudo proxy. You will be susceptible to passive attacks where your data is recorded by a third party without your knowledge. This can help overcome geo-restrictions and censorship.
The second of these is the data authentication which is shown in the first image below. Tapping on the data encryption area will bring up a screen like that shown in the second image below where you can select the level of security for data authentication.
- Data Authentication – This refers to the algorithm that authenticates all of your data to guard against active attacks (attacks where an entity adds or removes packets from your message).
  - SHA1 – This uses HMAC (Keyed-Hash Message Authentication Code) with a 160 bit key.
  - SHA256 – This utilizes HMAC with a 256 bit key and is thus slower.
  - None – This opens you up to active attacks or Man-in-the-Middle (MitM) attacks from outside sources where the attacker intercepts your message and then alters it before sending it on to the VPN server without your knowledge.
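The difference between these three choices can be shown with Python's standard `hmac` module. This is an added example, not code from Private Internet Access or its app: it assumes a simplified packet layout (tag followed by payload) and a constructed byte string standing in for the encrypted data, and checks whether a one-bit change made in transit is rejected by the receiver.

```python
import hashlib
import hmac
import os

# Digest used for each "Data Authentication" choice on the page; None = no tag.
AUTH_MODES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "None": None}


def seal(mode, key, payload):
    """Sender side: prepend an HMAC tag over the (already encrypted) payload."""
    digest = AUTH_MODES[mode]
    if digest is None:
        return payload                      # nothing protects integrity
    return hmac.new(key, payload, digest).digest() + payload


def open_packet(mode, key, packet):
    """Receiver side: return the payload, or None if the packet is rejected."""
    digest = AUTH_MODES[mode]
    if digest is None:
        return packet                       # accepted blindly, altered or not
    tag_len = digest().digest_size          # 20 bytes for SHA1, 32 for SHA256
    if len(packet) < tag_len:
        return None                         # too short to even hold a tag
    tag, payload = packet[:tag_len], packet[tag_len:]
    expected = hmac.new(key, payload, digest).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return payload if hmac.compare_digest(tag, expected) else None


def flip_last_bit(packet):
    """Model a modification in transit: change one bit of the payload."""
    return packet[:-1] + bytes([packet[-1] ^ 0x01])


def tamper_detected(mode):
    """True if a one-bit change in transit is rejected under this mode."""
    key = os.urandom(32)                         # constructed session key
    payload = b"constructed ciphertext bytes"    # stands in for AES output
    altered = flip_last_bit(seal(mode, key, payload))
    return open_packet(mode, key, altered) is None


if __name__ == "__main__":
    for mode in AUTH_MODES:
        print(f"{mode:7s} tamper detected: {tamper_detected(mode)}")
```

With “None” selected the receiver has nothing to verify, so the altered packet is passed on as if it were genuine.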
The last of the encryption settings is called the handshake which is shown in the first image below. Tapping in the handshake area will bring up a screen like that shown in the second image below where you can select the type and level of security for the handshake.
- Handshake – This is the algorithm which establishes the initial secure connection and verifies that you are talking to a PIA VPN Server and not an imposter. Hence the name handshake. Private Internet Access uses Transport Layer Security v1.2 (TLS 1.2) for this connection and all certificates are signed using SHA512.
  - RSA-2048 – This uses a 2048 bit Ephemeral Diffie-Hellman (DH) key exchange and 2048 bit RSA certificate for verification.
  - RSA-3072 – This uses the same algorithm as above with 3072 bit for both key exchange and RSA certificate.
  - RSA-4096 – This uses the same algorithm as above with 4096 bit for both key exchange and RSA certificate.
  - ECC-256k1 – Ephemeral Elliptic Curve DH key exchange and an Elliptic Curve Digital Signature Algorithm (ECDSA) certificate for verification. Curve secp256k1 (256 bit), which is the curve that Bitcoin uses for its transactions, is used for both the key exchange and the certificate.
  - ECC-256r1 – Like above but curve prime256v1 (256 bit, also known as secp256r1) is used for both the key exchange and the certificate.
  - ECC-521 – Like above but curve secp521r1 (521 bit) is used for both the key exchange and the certificate.
Below are some endpoint encryption settings along with helpful suggestions for their use or non-use.
- Maximum Protection – AES-256/SHA256/RSA-4096: This is for those who want the maximum security for their data and do not mind the extra speed loss.
- Default Recommended Protection – AES-128/SHA1/RSA-2048: This provides the best balance of speed and protection and is the best setting for most users.
- Risky – AES-128/None/RSA-2048: This configuration is susceptible to active MitM attacks where a hacker intercepts the message and modifies it before sending to the recipient.
- All Speed No Safety – None/None/ECC-256k1: This is susceptible to both active and passive attacks from outside third parties (hackers). You might as well not have a VPN as only your IP is hidden, which makes the connection act like a proxy.
The Private Internet Access Android app has a clean graphical interface and is easy to use. Simply select a location and press the status slider to the right to connect to it. Changing regions is even easier as all you have to do is open the locations screen and tap on a new location. The app will then automatically disconnect you from your old location and then connect you to your new one. The default settings used by Private Internet Access are ideal for most users so no technical knowledge is required to use their VPN. However, they offer manual settings for connection and encryption for those who are more technical and want more control over their VPN connection. Their app supports some advanced VPN features for those who understand how to use them. This includes a variety of remote ports, local ports, port forwarding, small packets, and even a kill switch to kill your Internet access if the VPN connection drops. Add to this, it includes the best encryption in the industry so you can be assured that you are safe at your local Wi-Fi hotspot.