Leaks some traffic even when alwayson
– Many VPNs actually rely on the results of these connectivity checks to function,
– The checks are neither the only nor the riskiest exemptions from VPN connections,
– The privacy impact is minimal, if not insignificant, because the leaked information is already available from the L2 connection.
Leaks some traffic even when alwayson
binspamdupenotthebestofftopicslownewsdaystalestupid freshfunnyinsightfulinterestingmaybe offtopicflamebaittrollredundantoverrated insightfulinterestinginformativefunnyunderrated descriptive typodupeerror –> 166743705 story
Android Leaks Some Traffic Even When ‘Always-On VPN’ Is Enabled (bleepingcomputer.com) 30 –> 30
Posted by BeauHD on Wednesday October 12, 2022 @06:40PM from the false-advertising dept.
Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the “Block connections without VPN,” or “Always-on VPN,” features is enabled. BleepingComputer reports: The data being leaked outside VPN tunnels includes source IP addresses, DNS lookups, HTTPS traffic, and likely also NTP traffic. This behavior is built into the Android operating system and is a design choice. However, Android users likely didn’t know this until now due to the inaccurate description of the “VPN Lockdown” features in Android’s documentation. Mullvad discovered the issue during a security audit that hasn’t been published yet, issuing a warning yesterday to raise awareness on the matter and apply additional pressure on Google.
Android offers a setting under “Network & Internet” to block network connections unless you’re using a VPN. This feature is designed to prevent accidental leaks of the user’s actual IP address if the VPN connection is interrupted or drops suddenly. Unfortunately, this feature is undercut by the need to accommodate special cases like identifying captive portals (like hotel WiFi) that must be checked before the user can log in or when using split-tunnel features. This is why Android is configured to leak some data upon connecting to a new WiFi network, regardless of whether you enabled the “Block connections without VPN” setting.
Mullvad reported the issue to Google, requesting the addition of an option to disable connectivity checks. “This is a feature request for adding the option to disable connectivity checks while “Block connections without VPN” (from now on lockdown) is enabled for a VPN app,” explains Mullvad in a feature request on Google’s Issue Tracker. “This option should be added as the current VPN lockdown behavior is to leaks connectivity check traffic (see this issue for incorrect documentation) which is not expected and might impact user privacy.” In response to Mullvad’s request, a Google engineer said this is the intended functionality and that it would not be fixed for the following reasons:
– Many VPNs actually rely on the results of these connectivity checks to function,
– The checks are neither the only nor the riskiest exemptions from VPN connections,
– The privacy impact is minimal, if not insignificant, because the leaked information is already available from the L2 connection.
Mullvad countered these points and the case remains open.
Android ‘Always-On VPN’ Reportedly Leaks Some Data — Does it Include IP Addresses?
Android’s “Always-On VPN” feature reportedly leaks some data and traffic each time its users connect their smartphones to a Wi-Fi internet connection.
Mullvad VPN has discovered a flaw in the two VPN options of Android, including “Block connections without VPN” and “Always-on VPN.”
(Photo : GABRIEL BOUYS/AFP via Getty Images )
A guest takes a selfie with her smartphone during the Mercedes Benz Fashion Week in Madrid on April 8, 2021.
Android ‘Always-On VPN’ Reportedly Leaks Some Data, Traffic
As per the latest report by Bleeping Computer, Mullvad VPN discovered that the “VPN Lockdown” features of the mobile operating system of Google, Android, is apparently leaking some traffic.
The Swedish-based VPN service learned about the built-in issue on Android in a recent security audit, which has yet to be publicly published.
But despite that, Mullvad swiftly issued a warning regarding the issue. It should not only make Android users aware of it. Instead, the VPN service notes that it is also meant to pressure the search engine giant, Bleeping Computer notes in its report.
The Swedish VPN services disclosed that Android VPN features are leaking some traffic of its users when they connect to a Wi-Fi connection.
Mullvad notes that even if users have already turned on the “Always-On VPN” and “Block connections with VPN” features on their Android devices, it still leaks some traffic.
What Exactly is Potentially Being Leaked?
Bleeping Computer states in the same report that the leaked traffic and data include the source IP address and DNS lookup of Android users. Not to mention that it could potentially leak some HTTPS traffic and NTP traffic as well.
(Photo : GABRIEL BOUYS/AFP via Getty Images)
Visitors walk past the Android stand at the Mobile World Congress (MWC) in Barcelona on February 25, 2019. – Phone makers will focus on foldable screens and the introduction of blazing fast 5G wireless networks at the world’s biggest mobile fair starting February 25 in Spain as they try to reverse a decline in sales of smartphones.
And it turns out that the leaked traffic is not occurring accidentally, Mullvad VPN reveals. Instead, the VPN service claims that Google designed Android that way.
However, Mullvad says that Android phone users might not be aware of this built-in design, wherein some of their traffic is being leaked.
The VPN platform says that Google provides what looks to be an “inaccurate description” of its VPN Lockdown feature for Android users.
The complaint of Mullvad to Google states that the “documentation regarding “Block connections without VPN” (from now on lockdown) is incorrect.” It comes as “connectivity check traffic intentionally leaks (sent outside the VPN tunnel) while establishing network connectivity, even though lockdown is activated for a VPN app.”
The current documentation by the renowned tech giant says that “the system blocks any network traffic that [does not] use the VPN.” But Mullvad VPN believes that it is inaccurate as some traffic is being leaked when connecting to a Wi-Fi connection.
This article is owned by Tech Times
Written by Teejay Boris