A Mullvad VPN user has found that Android devices leak DNS queries when switching VPN servers, even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option.
"Always-on VPN" is designed to start the VPN service when the device boots and keep it running while the device or profile is on.
Enabling the "Block Connections Without VPN" option (also known as a kill switch) is meant to ensure that ALL network traffic and connections pass through the always-connected VPN tunnel, preventing observers on the local network or at the ISP from monitoring the user's web activity.
However, as Mullvad found out while investigating the issue observed on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version (Android 14).
This bug occurs while using apps that make direct calls to the getaddrinfo C function, which provides protocol-independent translation from a text hostname to an IP address.
They found that Android leaks DNS traffic when a VPN is active (but no DNS server has been configured) or when a VPN app re-configures the tunnel, crashes, or is forced to stop.
"We have not found any leaks from apps that only use Android API:s such as DnsResolver. The Chrome browser is an example of an app that can use getaddrinfo directly," Mullvad explained.
"The above applies regardless of whether 'Always-on VPN' and 'Block connections without VPN' is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS."
Potential mitigations
Mullvad said that the first DNS leak scenario, where the user switches to another server or changes the DNS server, can be mitigated easily by setting a bogus DNS server while the VPN app is active.
However, it has yet to find a fix for the VPN tunnel reconnect DNS query leak, which applies to all other Android VPN apps as well, since they are also likely affected by this issue.
"It should be made clear that these workarounds should not be needed in any VPN app. Nor is it wrong for an app to use getaddrinfo to resolve domain names," Mullvad explained.
"Instead, these issues should be addressed in the OS in order to protect all Android users regardless of which apps they use."
In October 2022, Mullvad also found that Android devices were leaking traffic (e.g., IP addresses, DNS lookups, and HTTPS traffic) every time they connected to a WiFi network because of connectivity checks, even when "Always-on VPN" was toggled on with "Block connections without VPN" enabled.
DNS traffic leaks present a significant risk to user privacy, potentially exposing users' approximate locations and the online platforms they interact with.
Given the seriousness of this issue, you may want to stop using Android devices for sensitive activities or implement additional safeguards to mitigate the risk of such leaks until Google resolves the bug and backports the patch to older Android versions.
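One practical safeguard is to verify on your own device whether any DNS queries leave on a physical interface instead of the tunnel, for example by capturing port-53 traffic on all interfaces while switching servers and then scanning the capture. The script below is an added example, not code from the article or from Mullvad: it parses constructed lines shaped like `tcpdump -i any -nn port 53` output and flags queries that were sent on wlan0/rmnet0 rather than the tunnel interface. The interface names, the sample lines, and the assumption that the tunnel is called tun0 are all assumptions for the example.

```python
"""Offline check for DNS queries that bypassed the VPN tunnel.

Added example (not from the article or from Mullvad). Feed it real
`tcpdump -i any -nn port 53` output captured on the device while you
switch VPN servers; the SAMPLE_LINES below are constructed stand-ins.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Interfaces that must never carry plaintext DNS while the kill switch is on
# (names are assumptions; adjust to the device).
PHYSICAL_IFACES = {"wlan0", "rmnet0", "eth0"}
# Assumed tunnel interface name; Android VPN apps commonly get tun0.
TUNNEL_IFACES = {"tun0"}

# Shape of a `tcpdump -i any -nn` line, e.g.
# "12:00:02.000200 wlan0 Out IP 192.168.1.23.52000 > 192.168.1.1.53: 12346+ A? example.net. (29)"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\w+)\s+(?:In|Out)\s+IP\s+"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+(?P<dst>[\d.]+)\.(?P<dport>\d+):"
    r"(?:.*?\s(?P<qtype>AAAA|A)\?\s+(?P<name>\S+))?"
)


@dataclass
class DnsQuery:
    timestamp: str
    iface: str
    src: str
    dst: str
    qtype: str
    name: str


def parse_line(line: str) -> Optional[DnsQuery]:
    """Return a DnsQuery for a port-53 A/AAAA query line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m or m.group("dport") != "53" or not m.group("name"):
        return None
    return DnsQuery(
        timestamp=m.group("ts"),
        iface=m.group("iface"),
        src=m.group("src"),
        dst=m.group("dst"),
        qtype=m.group("qtype"),
        name=m.group("name").rstrip("."),  # drop the trailing root dot
    )


def find_leaks(lines: Iterable[str]) -> List[DnsQuery]:
    """Queries that left on a physical interface, i.e. outside the tunnel."""
    return [q for q in map(parse_line, lines) if q and q.iface in PHYSICAL_IFACES]


def leaked_names(lines: Iterable[str]) -> List[str]:
    """Distinct hostnames exposed to the local network or ISP, sorted."""
    return sorted({q.name for q in find_leaks(lines)})


# Constructed sample capture: one query inside the tunnel, two that escaped on
# wlan0 during a server switch, and one non-DNS packet that must be ignored.
SAMPLE_LINES = [
    "12:00:01.000100 tun0 Out IP 10.64.0.2.51000 > 10.64.0.1.53: 12345+ A? example.com. (29)",
    "12:00:02.000200 wlan0 Out IP 192.168.1.23.52000 > 192.168.1.1.53: 12346+ A? example.net. (29)",
    "12:00:03.000300 wlan0 Out IP 192.168.1.23.52001 > 8.8.8.8.53: 12347+ AAAA? example.org. (29)",
    "12:00:04.000400 tun0 Out IP 10.64.0.2.51001 > 10.64.0.1.443: Flags [S], seq 1, length 0",
]

if __name__ == "__main__":
    for q in find_leaks(SAMPLE_LINES):
        print(f"LEAK {q.timestamp} {q.iface}: {q.qtype}? {q.name} -> {q.dst}")
```

Run it with `python3 leakcheck.py` against the samples, or replace `SAMPLE_LINES` with `sys.stdin` and pipe a real capture into it. Any line reported as `LEAK` is a hostname that reached a resolver outside the tunnel; an empty report during a server switch is the result you want.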
Update May 03, 17:02 EDT: A Google spokesperson sent the following statement: "Android security and privacy is a top priority. We're aware of this report and are looking into its findings."