Cross-border Internet made simple. Android As Proxy (AAP) turns any spare Android phone into an always-on SOCKS 5 gateway reachable from anywhere by using secure SSH remote port forwarding. Place the device in the country whose online services you need, give it to a relative, or rent a hosted phone — AAP makes all traffic that arrives to the SSH server emerge from that handset as if you were physically there. Ideal for listening to geo-restricted radio, streaming region-locked video, accessing ChatGPT or other AI providers blocked in your location, or bypassing state censorship. Built entirely in Kotlin and running as a resilient foreground service, the tunnel survives doze mode, reboots and poor connectivity.
- Listen to Japan-only radio while living in Europe
- Watch domestic sports streams when traveling abroad
- Reach ChatGPT, Claude or other LLMs from within restrictive networks
- Provide relatives in censored regions with an uncensored connection
Commercial VPS and cloud ranges (Hetzner, Vultr, DigitalOcean, AWS, etc.) are widely fingerprinted and routinely blocked by content owners and services such as Wikipedia, YouTube, ChatGPT, etc. Traffic coming from these ASNs is assumed to be “datacenter” and untrusted. By tunnelling through an ordinary Android phone attached to a consumer ISP or mobile carrier you appear as a genuine residential user, bypassing many of these network-wide blocks while still retaining full SSH-grade encryption.
AAP runs a persistent foreground service to keep the SSH session and SOCKS proxy alive.
This prevents Android from entering doze mode but significantly increases power
consumption. Deploy the app on a spare handset, TV box, or any always-powered
device—ideally one that will remain plugged in and unattended.
Do not install AAP on your daily driver phone unless you fully understand and
accept the battery and hardware wear implications.
- Establishes persistent SOCKS 5 proxy via SSH remote forwarding (
-R) - Automatic algorithm profile negotiation for maximum compatibility, see
SSHTunnelManager - Runs as an Android 14-compatible foreground service with special-use flag
- Real-time connection state broadcast through
ConnectionStateHolder - On-device log viewer (
LogViewActivity) for troubleshooting - Stores and verifies host keys (StrictHostKeyChecking)
- Kotlin Coroutines for non-blocking IO
- The user provides SSH credentials (username, host, port, password and remote bind port).
SSHTunnelManagertries a series of algorithm profiles (modern, rsa, compat, etc.) to establish the session using JSch.- Once connected it requests remote port forwarding so the server listens on
remotePortand forwards traffic back to the handset’s local SOCKS proxy running onlocalhost:1080. - The proxy itself is implemented by
SocksForegroundServiceand remains active as a foreground service, satisfying Android background execution limits. - Status is reflected in a persistent notification and can be consumed by other components through
ConnectionStateHolder.
Coming soon – feel free to open a PR with screenshots!
- Clone the repo
git clone https://github.com/burbilog/android-as-proxy.git
cd android-as-proxy- Open the project in Android Studio Hedgehog (or newer) or build from CLI:
./gradlew assembleRelease- Sign the generated APK located under
app/build/outputs/apk/release/. - Install on your device:
adb install -r app/build/outputs/apk/release/app-release.apk- Android 7.0 (API 24)
- OpenSSH server you control (or any server that allows remote port forwarding)
The app requests:
FOREGROUND_SERVICE&FOREGROUND_SERVICE_SPECIAL_USEto keep the proxy alive.POST_NOTIFICATIONS(Android 13+) for status notifications.INTERNETto establish the tunnel.
- Launch AAP on the Android phone that will reside in the target country.
- Fill in SSH host, user, authentication method, and choose an unused Remote port (e.g.
2222). - Tap Start. When the notification switches to Connected the SSH server is now listening on that remote port and forwarding into the phone’s local SOCKS 5 instance.
- From your desktop/laptop establish the secondary tunnel detailed below (Accessing the proxy from your computer) or—if your client program runs directly on the SSH server—configure it to use
localhost:<REMOTE_PORT>as a SOCKS 5 proxy.
Logs can be inspected via Overflow → View logs. This screen tail-streams the internal AAPLog buffer for troubleshooting.
After AAP reports Connected, the SOCKS 5 service is listening on the SSH server (at the remote port you configured), not directly on the phone.
To consume it from your desktop or laptop open a second, local SSH tunnel that bridges your machine to that remote bind port.
ssh -N -L 1080:localhost:<REMOTE_PORT> <USER>@<SERVER_IP>;• <REMOTE_PORT> – the same remote port configured in AAP
• 1080 – any free local port (1080 is conventional for SOCKS proxies)
Keep this shell running. All applications that use the SOCKS 5 proxy localhost:1080 will now exit through the Android phone in the target country.
- Launch PuTTY and enter the server’s hostname/IP under Session.
- Go to Connection → SSH → Tunnels and add a new Local forwarding:
- Source port:
1080 - Destination:
localhost:<REMOTE_PORT> - Type: leave Local (do not pick Dynamic).
- Source port:
- Click Add, return to Session and Open the connection, then authenticate.
- Keep the PuTTY window open while you browse.
Finally, configure your browser or other tools to use SOCKS 5 proxy localhost:1080. All traffic will traverse:
your PC ──► ssh -L 1080 … ──► SSH server ──► remotePort ──► phone ──► Internet
Pull requests are welcome. For major changes please open an issue first to discuss what you would like to change. Make sure to run ./gradlew lint ktlintFormat detekt before submitting.
- SSH keys auth in addition to password auth
- Settings screen for multiple profiles
- Public build on F-Droid
- Localization (RU, etc)
Android As Proxy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License v3.0 as published by
the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see https://www.gnu.org/licenses/.
Roman V. Isaev rm@isaeff.net
Happy tunneling!