VPN Hotspot Is Not What Google Thinks It Is
Search “VPN Hotspot review” and every result on page one will hand you a write-up of Hotspot Shield – a commercial VPN service from Pango. That’s not what this is. VPN Hotspot is a free, open-source Android utility by developer Mygod, distributed through GitHub and F-Droid, that does something no VPN provider offers: it takes the VPN tunnel already running on your phone and shares it across every device connected to your hotspot, USB tether, Bluetooth tether, or Wi-Fi repeater.
The Verdict Up Front
VPN Hotspot solves one narrow problem brilliantly: routing a Nintendo Switch, smart TV, laptop, or four hotel-room devices through your single Mullvad or ProtonVPN subscription, with the VPN client running on your Android phone. It costs nothing, has no ads, no telemetry, and 5,800+ GitHub stars worth of community vetting.
The catch is enormous: it requires root access via Magisk. That single requirement disqualifies 95% of Android users. If your phone isn’t rooted and you don’t plan to root it, close this tab and buy a GL.iNet travel router instead. If you are rooted, keep reading – this tool is the answer.
Quick verdict
Pros
- +Completely free with no ads or subscription fees
- +Open-source code auditable by anyone on GitHub
- +Supports Wi-Fi, USB, Bluetooth, and repeater tethering
- +Works with WireGuard, OpenVPN, and most VPN clients
- +5,800+ GitHub stars signal strong community trust
Cons
- –Root access is mandatory — no workaround exists
- –No kill switch for hotspot clients if VPN drops
- –Zero official support channel beyond GitHub issues
- –Not available on Google Play — sideload or F-Droid only
What is VPN Hotspot?
Let’s clear up the confusion that the entire first page of Google has created: VPN Hotspot is not Hotspot Shield. It’s not a VPN service. It has no servers, no monthly fee, no encryption stack of its own, and no marketing budget.
VPN Hotspot is an open-source Android utility built by a developer who goes by Mygod, hosted at github.com/Mygod/VPNHotspot. Its single job: take a VPN tunnel that’s already running on your phone and extend it to every device connected to your phone’s hotspot, USB tether, or Bluetooth tether. That’s it. That’s the whole product.
The architecture in one diagram
The traffic flow looks like this:
Connected device → phone’s hotspot interface → VPN Hotspot routing layer → active VPN tunnel (Mullvad, ProtonVPN, WireGuard, OpenVPN) → VPN server → internet
By default, Android does not route hotspot client traffic through the phone’s VPN. Plug a laptop into your phone’s Wi-Fi hotspot while Mullvad is running, and the laptop goes out over your raw cellular IP. VPN Hotspot patches that gap at the iptables level, forcing tethered traffic into the existing tunnel.
Why this distinction matters
You still need a real VPN. Install Mullvad, ProtonVPN, or any WireGuard/OpenVPN client first. VPN Hotspot is the bridge, not the boat. If you don’t already pay for – or self-host – a VPN, this tool does nothing for you.
Distribution and trust
The app ships through GitHub releases and F-Droid, with a prior Google Play presence. Source code is fully auditable, the project sits north of 5,800 stars, and the donation-funded model means there’s no incentive to harvest your traffic – because it never touches the developer’s infrastructure in the first place.
Key Features
VPN Hotspot is a small app with a focused job, but the surface area where things can go wrong – root, tethering modes, VPN protocol quirks, DNS handling – is large. Here’s what you actually get and where the edges are.
Supported Tethering Modes
The app hooks into every standard Android tethering interface, not just Wi-Fi. That matters if you’re sharing to a laptop in a hotel with flaky 2.4GHz, or to a device with no Wi-Fi radio at all.
| Tethering Mode | Android Version Required | Notes |
|---|---|---|
| Wi-Fi Hotspot | Android 5.0+ | Most common use case |
| USB Tethering | Android 5.0+ | Useful for laptops without Wi-Fi |
| Bluetooth Tethering | Android 5.0+ | Lower bandwidth, higher latency |
| Wi-Fi Repeater | Android 6.0+ | Extends existing Wi-Fi through VPN |
Repeater mode is the underrated one – it lets you join a hotel or coffee shop Wi-Fi on your phone, pipe it through your VPN, and rebroadcast a clean SSID for everything else you’re carrying.
VPN Protocol and App Compatibility
Compatibility depends on whether the VPN client creates a standard tun interface that Android exposes to the system routing table. Modern protocols do; legacy ones are inconsistent.
| VPN App / Protocol | Compatibility | Notes |
|---|---|---|
| WireGuard | Confirmed | Recommended for performance |
| OpenVPN | Confirmed | Works via tun interface |
| Mullvad | Confirmed | Uses WireGuard or OpenVPN |
| ProtonVPN | Confirmed | Standard protocol modes |
| IPSec/IKEv2 | Partial | Device-dependent behavior |
| PPTP/L2TP | Not recommended | Deprecated protocols, inconsistent |
If you’re picking a VPN specifically to pair with this, go WireGuard. Mullvad’s Android app plus VPN Hotspot is the cleanest combination we’ve tested.
Root Requirement – What It Actually Means
Root access lets an app modify Android’s network interfaces at the system level. VPN Hotspot needs that to intercept traffic on the tethering interface and force it through your VPN’s tun device. No root, no rerouting – there’s no userspace workaround.
Magisk is the supported root method, and it’s the one you should use anyway in 2026. Older SuperSU setups may function but aren’t tested against current releases. Rooting voids most manufacturer warranties, trips Samsung Knox permanently (the eFuse doesn’t reset), and breaks Play Integrity, which means banking apps, Google Wallet, and a growing list of streaming services will refuse to launch.
Realistically, fewer than 5% of Android users run rooted devices. If you’re not already one of them, installing Magisk just to use this app isn’t a sensible trade.
Security Behavior and DNS Leak Risks
When the VPN tunnel is up, hotspot clients inherit its encryption – their packets exit your phone’s tun interface the same as native traffic. That’s the good news.
The bad news: DNS handling isn’t automatic. If your VPN app doesn’t push its DNS servers to the tethering interface, hotspot clients will query whatever DNS the carrier handed your phone, leaking domain lookups in cleartext while the payload stays encrypted. Test with dnsleaktest.com from a connected client before you trust the setup.
There’s also no kill switch at the hotspot level. If your VPN drops mid-session, VPN Hotspot does not automatically sever the tethered clients – their traffic can fall back to the raw carrier connection without any visible warning on the client device. The mitigation is to use a VPN app with a device-level kill switch. Mullvad and ProtonVPN both implement this correctly on Android, blocking all traffic system-wide when the tunnel fails, which cascades to hotspot clients by starving them of any route at all.
Pricing and Distribution
VPN Hotspot costs nothing. Not a freemium trial, not a 7-day intro, not a “free with ads” gimmick – genuinely free, with no premium tier waiting behind a paywall. The developer, Mygod, accepts voluntary donations through GitHub Sponsors, and that is the entire revenue model.
| Distribution Channel | Cost | Auto-updates | Notes |
|---|---|---|---|
| GitHub Releases | Free | Manual | Primary source, always latest version |
| F-Droid | Free | Via F-Droid client | Open-source repository, verified builds |
| Google Play | Free (historical) | Automatic | Listing status varies – verify before downloading |
| Donations (GitHub Sponsors) | Voluntary | N/A | Only revenue model; no premium tier exists |
For most users, F-Droid is the sweet spot. You get reproducible, verified builds from an open-source repository, plus automatic update notifications through the F-Droid client. GitHub Releases gives you the bleeding edge – useful if you need a bug fix that hasn’t propagated to F-Droid yet – but you’ll need to sideload APKs manually and check back for new versions yourself.
The Google Play listing has come and gone over the years depending on Play Store policy enforcement against root-requiring apps. Don’t assume it’s there; check before recommending it to anyone.
The GitHub-based model matters beyond price. Update cadence ties to developer commits rather than store review queues, so security fixes ship fast. More importantly, the full source is auditable – you can read exactly what the app does with your VPN traffic. Try that with Hotspot Shield or any commercial VPN tethering app.
How to Set Up VPN Hotspot on Android
Setup is faster than you’d expect – assuming you cleared the root hurdle. Budget 10 minutes end to end, plus however long it takes to confirm your VPN provider plays nicely with shared interfaces.
Step 1: Confirm Your Device Is Rooted with Magisk
Open Magisk Manager and check that the home screen shows “Installed” next to both Magisk and the Ramdisk status. Tap through to Superuser and make sure the grant prompt list is populated – if it’s empty, root access isn’t actually wired up. Run a quick integrity check via the Magisk app’s built-in test or a tool like Root Checker.
No root, no VPN Hotspot. The app silently fails to bind to system interfaces without superuser, and there’s no workaround. If your bootloader is locked or your device is on a recent Android security patch that broke your root setup, fix that first.
Step 2: Install VPN Hotspot via F-Droid or GitHub
Grab F-Droid from f-droid.org, install the client APK, then search “VPN Hotspot” and tap install. F-Droid is the cleanest path because it handles updates automatically and verifies signatures.
If you’d rather skip F-Droid, pull the latest signed APK directly from github.com/Mygod/VPNHotspot/releases and sideload it. When you launch the app for the first time, Magisk will prompt for root access – grant it permanently, not just once.
Step 3: Connect Your VPN App First
Open your VPN client – WireGuard, Mullvad, ProtonVPN, OpenVPN for Android, whatever you’re using – and connect to a server. Wait for the tunnel to show “Connected” and the key icon to appear in your status bar.
This order matters. VPN Hotspot does not initiate the tunnel; it piggybacks on whatever VPN tunnel is already established by another app. If no tunnel is active when you toggle sharing, you’ll broadcast unprotected traffic to every connected device.
Step 4: Enable Hotspot Sharing in VPN Hotspot
Launch VPN Hotspot. The main screen lists your active network interfaces – typically wlan0 (your Wi-Fi connection), tun0 (the VPN tunnel itself), and either wlan1 (Wi-Fi hotspot) or rndis0 (USB tethering) once you enable sharing.
Toggle on the interface matching your sharing mode. Then enable Android’s native hotspot from Settings > Network & internet > Hotspot & tethering. Connected devices now route through tun0 instead of your carrier connection.
Step 5: Verify VPN Coverage on Connected Devices
From a connected laptop or tablet, open ipleak.net and dnsleaktest.com. The reported IP should match your VPN server’s location, not your carrier’s. DNS entries should belong to your VPN provider – Mullvad shows mullvad.net, ProtonVPN shows Proton’s resolvers.
If you see your ISP’s DNS, enable the kill switch and “Block connections without VPN” in your VPN app, restart the tun
Real-World Use Cases
VPN Hotspot earns its keep in five specific scenarios. If none of these describe you, the root requirement isn’t worth the trouble.
Hotel and Airbnb travel. You’re paying for one Mullvad or ProtonVPN subscription. Your phone tunnels to a Stockholm exit, and your laptop, Kindle, and Chromecast all ride the same tunnel through your phone’s hotspot. No travel router, no second subscription, no Smart TV begging you to accept its terms in a foreign language.
Corporate VPN bridging. Your work laptop needs to reach an internal resource but you don’t want IT installing their VPN client on your personal machine. Connect the corporate VPN on your phone (or a spare Android), share it via USB tethering, and your laptop inherits the route. Read your employment contract first – this is a policy minefield.
IoT and console protection. A PlayStation 5, Apple TV, Roku stick, or smart fridge cannot run WireGuard. Hand them a VPN-tunneled hotspot and they’re protected without firmware hacks or a dedicated GL.iNet router.
Stretching connection limits. Mullvad caps you at five devices. A household with two laptops, three phones, a tablet, and two TVs blows past that fast. One phone running VPN Hotspot collapses an entire room of devices into a single VPN seat.
High-stakes privacy work. Journalists in restrictive regions, researchers handling sensitive sources, or activists at protests can route every nearby device – colleague’s laptop, backup phone, recording equipment – through one audited VPN exit they actually trust, rather than trusting each device’s individual VPN configuration.
Outside these cases, a $30 travel router with OpenWrt is probably the smarter buy.
Pros and Cons
Six years of active development, a permissive open-source license, and zero monetization make VPN Hotspot a rare animal. The catch: it asks more of you than almost any other privacy tool on Android.
Pros
- Genuinely free and open source – Apache 2.0 licensed on GitHub with 5,800+ stars, no ads, no telemetry, no upsell.
- Works with any VPN client – WireGuard, OpenVPN, Mullvad, ProtonVPN, or anything using Android’s VpnService API.
- Multiple tethering modes – Wi-Fi hotspot, USB, Bluetooth, and repeater mode in one app.
- Active maintenance – Mygod ships regular updates and responds to GitHub issues, unlike most root-only utilities.
- Available on F-Droid and Google Play – you’re not stuck sideloading APKs from sketchy mirrors.
- No subscription creep – donation-based, so it can’t enshittify on you next quarter.
Cons
- Root is mandatory – Magisk on an unlocked bootloader excludes 95%+ of Android users and voids most warranties.
- Android-only – no iOS, no desktop, no router firmware.
- No built-in kill switch at the hotspot layer – if your phone’s VPN drops, clients can leak until the tunnel reconnects.
- DNS leak risk depends entirely on your upstream VPN client’s configuration.
- Support is GitHub issues only – no email, no chat, no SLA.
- Steeper learning curve than installing NordVPN on a laptop.
Alternatives to VPN Hotspot
If unlocking your bootloader is a non-starter – and for most people in 2026, it should be – you have three serious alternatives and one niche one. None are free in the way VPN Hotspot is, but each removes the root barrier.
| Alternative | Root Required | Cost | Best For |
|---|---|---|---|
| Travel Router with VPN (GL.iNet) | No | $30-$80 hardware | Non-rooted users, permanent multi-device setup |
| Windows Mobile Hotspot + VPN | No | Free (Windows built-in) | Laptop users sharing to phone or tablet |
| VPN with 10+ simultaneous connections (Surfshark) | No | ~$2-4/month | Users who just need more device slots |
| Rethink DNS + Firewall (Android) | No | Free | Single-device DNS and VPN management, no sharing |
The GL.iNet Beryl AX or Slate AX is the closest functional replacement. Flash a WireGuard config from Mullvad or ProtonVPN, plug it into hotel ethernet or chain it off your phone’s hotspot, and every connected device routes through the tunnel. Under $50, no warranty-voiding, and OpenWrt updates are still shipping in 2026.
Windows 11’s built-in Mobile Hotspot can rebroadcast a VPN connection if you bridge the network adapter manually – it’s clunky but free and built into hardware you already own. macOS dropped this capability years ago, so Mac users are stuck with a travel router.
Surfshark and Private Internet Access offer unlimited simultaneous connections, which sidesteps the whole sharing problem if your only goal is covering more devices individually. You’re paying ~$2-4/month instead of going free, but each device gets its own tunnel with no single point of failure.
Rethink DNS isn’t a sharing tool at all – it’s a per-app firewall and DNS-over-HTTPS client for one Android device. Listed here because it’s the open-source Android privacy tool people often confuse with VPN Hotspot’s mission.
For the full landscape, see our 2026 VPN Tools roundup.
Verdict: Who Should Actually Use VPN Hotspot
VPN Hotspot earns its #5 slot on our VPN Tools list because it solves a problem no commercial product touches for free: extending a single Android VPN tunnel to every device sharing your hotspot. That’s a narrow win, but a real one.
The root requirement is not negotiable. If you’re running stock Android and the words “Magisk patch” make you uneasy, close this tab and buy a travel VPN router instead. You will brick something or, worse, build a setup that silently leaks DNS. Do not treat rooting as optional homework.
For the right user – a rooted Android owner who travels, runs a Mullvad or ProtonVPN subscription across a laptop and a Chromecast, or wants to push a WireGuard tunnel to IoT junk that can’t speak VPN natively – this is genuinely the best free option in existence. The 5,800+ GitHub stars, active commit history, and F-Droid distribution give it the trust signals a network-level utility needs.
Rating: 7.8/10. Near-perfect for its target user, completely irrelevant for everyone else. The score reflects the audience ceiling, not the engineering – which is excellent.
Frequently asked questions
Does VPN Hotspot work without root?
No – VPN Hotspot requires root access on Android 7.0 or higher to forward tethered traffic through your VPN’s tun0 interface. The developer (Mygod) is explicit about this in the GitHub README, and workarounds using ADB or shizuku don’t fully replicate the iptables manipulation the app performs. If your device isn’t rooted, look at one-tap repeater mode or a travel router running OpenWrt instead.
Which VPN apps are compatible with VPN Hotspot?
Most VPN clients that create a standard tun0 interface work fine, including OpenVPN for Android, WireGuard, Mullvad, IVPN, ProtonVPN, and NordVPN. Apps that use proprietary networking stacks or split-tunneling features can cause routing conflicts – ExpressVPN’s Android client has been flagged in the project’s GitHub issues for inconsistent behavior. Test with a known-good client like WireGuard first to confirm your setup before troubleshooting a paid VPN.
What happens to hotspot traffic if my VPN disconnects?
By default, VPN Hotspot routes tethered traffic through whatever interface is active, so a dropped VPN connection means devices fall back to your raw mobile or Wi-Fi connection – exposing their real IP. Enable the “Disable upstream when VPN disconnects” option in settings to enforce a kill switch on the hotspot side. Pair that with your VPN app’s own kill switch (WireGuard’s “Block connections without VPN” toggle is reliable) for redundant protection.
Is VPN Hotspot safe to use – can I trust the open-source code?
The source is published on GitHub under the Apache 2.0 license, and the project has been maintained since 2018 with over 3,000 stars and regular commits. It’s been audited informally by the rooted Android community on XDA, and no malicious behavior has been reported. That said, root apps always carry risk – install only from the official GitHub releases or Google Play listing, never from random APK mirrors.
Where can I download VPN Hotspot if it’s not on Google Play?
VPN Hotspot is still on Google Play as of 2026, but the most current builds ship first on GitHub Releases. F-Droid mirrors via the IzzyOnDroid repository if you prefer that ecosystem. Avoid APKPure and similar third-party sites – they’ve hosted outdated or repackaged versions of the app in the past.
