Behavior of network protection in WithSecure Elements EPP for Mobiles

Question

Has anyone experienced network protection being enabled automatically recently?

In our environment, we have network protection set to disabled and locked, yet some devices have had it enabled without any apparent configuration change.

Sethu Laks · Answer

Hi @YK0710

In your situation, the best next step would be to collect the Android diagnostic file from the affected devices where the profile settings were not applied as expected. Once you have that, please submit a support ticket and include the diagnostic file so the team can investigate further and assist you more effectively.

YK0710 · Answer

Hi @Sethu Laks,

Thank you very much for your response.

We have confirmed that the VPN connection request prompt is appearing on some devices. Based on this situation, we believe the following scenarios have occurred:

* In some cases, Network Protection was enabled in the profile, while it was manually turned off on the local device. After the VPN connection request prompt was displayed, user interaction (tapping Allow) appears to have resulted in Network Protection being enabled on the device.
* Additionally, even after creating a profile where Network Protection is disabled and locked, and applying it to devices, we have observed one device on which the VPN was still configured/enabled.

We understand this may be a very rare or edge case; however, we would like to ask whether you have seen or are aware of any cases where VPN becomes configured when a profile with Network Protection set to disabled and locked is applied.

We have tested this by reapplying the profile multiple times, but so far the behavior has been difficult to reproduce.

Thank you in advance for your insights.

Sethu Laks · Answer

Hi @YK0710

We’ve recently observed a very similar situation with Elements EPP for Mobile on Android.

In our case:

* Environment: Android 12
* App version: WithSecure Mobile Protection 26.1
* Profile setting (Elements Security Center): Network Protection = disabled and locked

Despite this, some devices still showed Network Protection (VPN) as enabled. Users also reported seeing an Android system prompt such as:

“Connection request – [app name] is trying to set up a VPN connection. Allow if you trust the source.”

Based on what we’ve gathered so far, this appears to be related to the Android behavior where:

* An app update or network stack change can trigger the VPN “connection request” prompt again
* If the user taps Allow, the VPN may become active on the device, even if the feature is configured as disabled and locked in the Elements profile

So in short, we are also seeing cases where Network Protection becomes enabled on some Android 12 / version 26.1 devices without any intentional admin-side change—most likely after the user accepts the Android VPN prompt.

If possible, it would be helpful to check with affected users whether they recall accepting such a VPN “connection request” dialog, and to compare the local app state (Network Protection on/off) with what is defined in the Elements portal profile.

For reference, here are our test observations:

* Device: Sony Xperia 5 II (Android 12)
* Client version: 26.1.0023467

Test scenarios:

* Activated with VPN feature disabled and locked → VPN not enabled, no prompt shown
* Changing profile state to enabled → triggers VPN setup prompt
* Activated with VPN feature enabled, but VPN setup declined → switching to disabled and locked caused no issues
* Activated with VPN feature enabled and VPN setup completed → switching to disabled and locked caused no issues

Hope this helps provide some additional context.

Best regards,

Sethu

Community Moderator | Technical Support Engineer

WithSecure™ European Alternative for Cyber Security