
A recently discovered bug in Android 16 allows any app to leak traffic outside the VPN tunnel.

As reported in the post The Tiny UDP Cannon: An Android VPN Bypass, Android 16 introduced a bug that allows a malicious app to send traffic outside the VPN tunnel, including with “Always-On VPN” + “Block connections without VPN” turned on. This affects all VPN apps, not just Mullvad VPN. This blog post aims to spread knowledge about this issue to help keep our users safe.

Having traffic leak outside the tunnel means your real IP address becomes visible on the Internet, which could potentially be used for tracking or surveillance purposes.

The bug was reported to the Android Security Team, but was closed as Won’t Fix (Infeasible), as described in the linked article. After consulting with the report author (https://x.com/cybaqkebm), we reported the issue on the Android issue tracker. However, at the time of writing the issue is marked as inaccessible by Google for unknown reasons.

In contrast, GrapheneOS, a security-focused Android-based OS, quickly patched the issue in its codebase.

Yet, people are installing GrapheneOS and immediately adding Aurora for downloading apps that DEPEND on Google services.
And they call that a "de-Googled phone" LOL

Aurora Play Store not only leaks your usage, but also leaks your IMEI.
The sandbox story is just fake, to make you feel "safe" wearing a useless mask.

22 sats \ 2 replies \ @k00b 16 May

see also #1489953


No need to be sorry. I do it too. Easy to miss stuff
