diff --git a/autovpn/vpn_app.py b/autovpn/vpn_app.py
index 912c5ccecc434a4176a0f167bb1aab99cc0bd01b..9cc853d2b6832b748a0bdb9fb893b6d9acf45cad 100644
--- a/autovpn/vpn_app.py
+++ b/autovpn/vpn_app.py
@@ -47,6 +47,31 @@ ns-cert-type server
 tls-auth tlsauth.key 1
 '''
 
+# Specific config for Android
+ANDROID_CONFIG_TEMPLATE = '''
+client
+dev tun
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+
+remote %(vpn_endpoint)s 1194 udp
+remote %(vpn_endpoint)s 443 tcp
+
+; SSL configuration.
+ns-cert-type server
+key-direction 1
+crl-verify crl.pem
+<tls-auth>
+%(tlsauth)s
+</tls-aut>
+<pkcs12>
+%(pkcs12)s
+</pkcs12>
+'''
+
+
 TBLK_PLIST_TEMPLATE = '''<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -121,10 +146,10 @@ https://play.google.com/store/apps/details?id=de.blinkt.openvpn
 
 To use it:
 
-- Select the PKCS12 format for the credentials and select the
-  <uuid>.pfx file from the ZIP archive.
-
-- Ensure that LZO compression is disabled.
+- Copy the files android-%(cn)s.ovpn and crl.pem on your phone/tablet/etc.
+- Import the condiguration android-%(cn)s.ovpn into the OpenVPN app
+- Un-select the option for importing the PKCS12 certificate into Android Keystore
+- If asked for a password, just leave blank
 
 
 References
@@ -342,19 +367,23 @@ def new_cert_dl():
         subject = current_app.config.get('VPN_DEFAULT_SUBJECT_ATTRS', {}).copy()
         subject['CN'] = cn
 
+        # generate a new user certificate and pack it into PKCS12 format
         pkey, cert = g.ca.make_certificate(subject, days=validity)
+        crt_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+        key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
+        ca_pem = g.ca.get_ca()
+        pkcs12 = to_pkcs12(crt_pem, key_pem, ca_pem)
 
         # Create the zipfile in-memory, with all the files the user needs.
         vars = {'cn': cn,
                 'bundle_identifier': '.'.join(
-                current_app.config['VPN_ENDPOINT'].split('.')[::-1]) + '.' + cn,
+                    current_app.config['VPN_ENDPOINT'].split('.')[::-1]) + '.' + cn,
                 'vpn_endpoint': current_app.config['VPN_ENDPOINT'],
                 'vpn_site': current_app.config['VPN_SITE_URL'],
-                'expiry_date': expiry_date.strftime('%Y/%m/%d')}
-        ca_pem = g.ca.get_ca()
-        crt_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
-        key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
-        pkcs12 = to_pkcs12(crt_pem, key_pem, ca_pem)
+                'expiry_date': expiry_date.strftime('%Y/%m/%d'),
+                'tlsauth': current_app.config['TLS_AUTH_KEY'],
+                'pkcs12': pkcs12 }
+
         manifest = [
             ('ca.crt', ca_pem),
             ('crl.pem', g.ca.get_crl(format='pem')),
@@ -365,6 +394,9 @@ def new_cert_dl():
             ('openvpn-%s.conf' % cn, OPENVPN_CONFIG_TEMPLATE % vars),
             ('README.txt', README_TEMPLATE % vars),
 
+            # Android configuration
+            ('android-%s.ovpn' % cn, ANDROID_CONFIG_TEMPLATE % vars),
+
             # Tunnelblick configuration for OSX
             ('%s.tblk/Info.plist' % cn, TBLK_PLIST_TEMPLATE % vars),
             ('%s.tblk/config.ovpn' % cn, OPENVPN_CONFIG_TEMPLATE % vars),