Gandalf_The_Grey
Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,084
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option.
"Always-on VPN" is designed to start the VPN service when the device boots and keep it running while the device or profile is on.
Enabling the "Block Connections Without VPN" option (also known as a kill switch) ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users' web activity.
However, as Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version (Android 14).
This bug occurs while using apps that make direct calls to the getaddrinfo C function, which provides protocol-independent translation from a text hostname to an IP address.
They discovered that Android leaks DNS traffic when a VPN is active (but no DNS server has been configured) or when a VPN app re-configures the tunnel, crashes, or is forced to stop.
"We have not found any leaks from apps that only use Android API:s such as DnsResolver. The Chrome browser is an example of an app that can use getaddrinfo directly," Mullvad explained.
"The above applies regardless of whether 'Always-on VPN' and 'Block connections without VPN' is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS."
Android bug can leak DNS traffic with VPN kill switch enabled
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option.
www.bleepingcomputer.com