Android 17 Standardizes VPN Split Tunneling

Gregory Zuckerman
By Gregory Zuckerman
Technology
6 Min Read

Google is moving to fix one of the most frustrating pain points of mobile VPNs. In Android 17 Beta 3, the company has added a system-level split tunneling experience that lets users exclude specific apps from a VPN connection in a consistent, predictable way.

That may sound like a niche tweak, but it addresses a common real-world problem: banking, streaming, and other location-sensitive apps often block or misbehave when a VPN is active. Standardizing app exclusions at the OS level removes guesswork and inconsistent behavior across providers.

Table of Contents
Two smartphone screens are shown side-by-side. The left screen displays a menu for screen recording options, including toggles for device audio, microphone, and touch display. The right screen shows a video player interface with a black screen, indicating a recording in progress or a video being played. The background has been updated to a professional flat design with soft patterns.

Why Split Tunneling Has Been A Persistent Headache

Today, split tunneling on Android is a patchwork. Popular services like NordVPN, Surfshark, and Proton VPN offer app exclusions, but the setting can be buried, named differently, or missing altogether on certain devices or versions.

This inconsistency matters. If your mobile banking app rejects VPN traffic or a streaming service enforces regional catalogs, you either toggle off the VPN entirely or hunt for a provider-specific option that may not work the same way on every phone.

Research from consumer insights firms has long shown that a sizable share of mobile users rely on VPNs for privacy and access, with around one-third reporting monthly use. For them, unreliable split tunneling leads to support tickets, abandoned sessions, and weakened security when they disable the VPN just to get one app working.

What Android 17 Changes For VPN Split Tunneling

Android 17 introduces a unified, system-managed screen for app exclusions. Instead of each VPN app building its own interface and routing logic, the OS presents a consistent picker where you select which apps should bypass the VPN.

Once set, excluded apps use your regular connection while the rest of your phone continues through the VPN tunnel. Changes apply immediately if the VPN is active, or at the next connection, and persist so you’re not constantly reconfiguring after a reboot.

There’s one catch: it’s currently a developer-facing capability. VPN apps need to invoke the new system settings surface. The upside is clear—once providers adopt it, users get the same clean flow regardless of brand, and smaller VPNs that never shipped split tunneling can tap into it with far less engineering overhead.

Security And Privacy Considerations For Split Tunneling

Split tunneling is a convenience feature with trade-offs. Excluding sensitive apps from the VPN means their traffic is no longer protected or location-masked. That can be fine for services that outright block VPNs, but it’s a decision users should make deliberately.

A smartphone screen displaying app icons and a weather widget, set against a professional, soft blue gradient background.

Expect Android’s system implementation to respect stricter modes like Always-on VPN and Lockdown (block connections without VPN). On devices where Lockdown is enabled, app exclusions typically don’t apply, preserving a hard “no VPN, no traffic” stance.

Standardization also helps reduce technical risks. Academic work from CSIRO’s Data61 and collaborators has highlighted DNS and IPv6 leakage issues in poorly implemented VPN clients on Android. A uniform, OS-managed approach can narrow the attack surface by taking routing edge cases out of bespoke app code.

Real-World Impact For Users And Developers

For users, this change should mean fewer toggles, fewer app crashes, and a simpler mental model: pick the apps that bypass the tunnel and move on. It may also lead to better battery life and fewer reconnect loops, since the OS coordinates routing rather than each app reinventing it.

For VPN developers, a system picker reduces UI fragmentation and support overhead. It also aligns consumer Android with the structured “per-app VPN” concepts long used in enterprise device management, which could make bring-your-own-device setups less confusing.

When To Expect It And How To Prepare For Rollout

The feature is live in Android 17 Beta 3 and will roll out broadly with the stable release, subject to OEM update timelines. VPN apps must add support, so watch for provider updates that mention a system-managed split tunneling or app exclusion setting.

In the meantime, review your current split tunneling choices—particularly banking, payment, and streaming apps—and decide which should bypass the VPN when the system picker arrives. And if privacy is paramount, keep Always-on and Lockdown enabled to prevent accidental leaks.

The bottom line is simple: Android is finally taking ownership of a messy, important part of the VPN experience. By baking split tunneling into the OS, Google is removing friction that’s long stood between mobile users and a VPN setup that just works.

Gregory Zuckerman
ByGregory Zuckerman
Gregory Zuckerman is a veteran investigative journalist and financial writer with decades of experience covering global markets, investment strategies, and the business personalities shaping them. His writing blends deep reporting with narrative storytelling to uncover the hidden forces behind financial trends and innovations. Over the years, Gregory’s work has earned industry recognition for bringing clarity to complex financial topics, and he continues to focus on long-form journalism that explores hedge funds, private equity, and high-stakes investing.
Latest News