Cwa-app-android: VPN prevents risk score calculation

Could it be that the VPN is changing HTTPS encryptions via proxying (some companies and chinese firewall are doing this)?

To prevent misuse the app is using certificate pinning (see #7), so it enforces to talk to the correct server by checking its certificate and fails if some proxy is de-/reencyrpting HTTPS traffic.

Could it be that the VPN is changing HTTPS encryptions via proxying (some companies and chinese firewall are doing this)?

To prevent misuse the app is using certificate pinning (see #7), so it enforces to talk to the correct server by checking its certificate and fails if some proxy is de-/reencyrpting HTTPS traffic.

Actually I'm running openVPN without any special tweaking and hence would assume it shall be for the app just an additional tunnel (?).

I'm also using a VPN and am not encountering any problems. Maybe check if it works if the phone is in the network of the VPN Server or if there is anything else blocking it, by visiting other websites?

Maybe check if it works if the phone is in the network of the VPN Server or if there is anything else blocking it, by visiting other websites?

Not exactly sure what you're proposing with "in the network". I can reach any other site, even banking app runs smoothly through the tunnel. Also, since this access is only needed in the moment of risk score update - I'm not aware how I could re-initiate that in order to test it further. I guess I only can wait 24h and see if the risk score ever changes.
Lets narrow it down a bit:
What VPN client do you use on the phone? (here: OpenVPN for Android 0.7.15)
What VPN server are you running on the server side? (here: OpenVPN 2.5)
What is the ISP of your exit-server? (here: Contabo)

Maybe check if it works if the phone is in the network of the VPN Server or if there is anything else blocking it, by visiting other websites?

Not exactly sure what you're proposing with "in the network". I can reach any other site, even banking app runs smoothly through the tunnel. Also, since this access is only needed in the moment of risk score update - I'm not aware how I could re-initiate that in order to test it further. I guess I only can wait 24h and see if the risk score ever changes.

I meant that currently, your phone is part of the private network through your VPN. My suggestion was to test what would happen if your phone was directly in your private network without going through your VPN first. This way you could see if it is a problem of your VPN or Router.
But if I understood it correctly, it seems like you have a hosted VPN server so that should be impossible to test.

But if I understood it correctly, it seems like you have a hosted VPN server so that should be impossible to test.

Yep, that's quite far away and I guess they wouldn't let me connect to their infrastructure ;-).

Anyway, I deleted and re-installed and didn't run into that issue again. Of course I'm not sure if the phone kept the info and didn't contact the backend for a new risk score calculation - or if it did and simply got through. So I'll close this issue now and re-open in case risk score will never be updated in the next some days.