Android bug leaks DNS queries even when VPN kill switch is enabled

Image: Midjourney

A Mullvad VPN user has found that Android devices leak DNS queries when switching VPN servers even though the “Always-on VPN” feature was enabled with the “Block connections without VPN” option.

“Always-on VPN” is designed to start the VPN service when the device boots and keep it running while the device or profile is on.

Enabling the “Block Connections Without VPN” option (also known as a kill switch) ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring users’ web activity.

However, as Mullvad found out while investigating the issue observed on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version (Android 14).

This bug occurs when using apps that make direct calls to the getaddrinfo C function, which provides protocol-independent translation from a text hostname to an IP address.

They discovered that Android leaks DNS traffic when a VPN is active (but no DNS server has been configured) or when a VPN app re-configures the tunnel, crashes, or is forced to stop.

“We have not found any leaks from apps that only use Android API:s such as DnsResolver. The Chrome browser is an example of an app that can use getaddrinfo directly,” Mullvad explained.

“The above applies regardless of whether ‘Always-on VPN’ and ‘Block connections without VPN’ is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS.”

Potential mitigations

Mullvad said that the first DNS leak scenario, where the user switches to another server or changes the DNS server, can be mitigated easily by setting a bogus DNS server while the VPN app is active.

However, it has yet to find a fix for the VPN tunnel reconnect DNS query leak, which is relevant to all other Android VPN apps, since they are likely also affected by this issue.

“It should be made clear that these workarounds should not be needed in any VPN app. Nor is it wrong for an app to use getaddrinfo to resolve domain names,” Mullvad explained.

“Instead, these issues should be addressed in the OS in order to protect all Android users regardless of which apps they use.”
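To make the first leak scenario and its workaround concrete, here is an added illustration written for this article; it is not Mullvad's app code and not Android's own implementation. It shows a VpnService that, in one method, can establish a tunnel with no DNS server (the weak configuration the article describes) and, in a second method, always attaches a DNS server, falling back to a non-routable sink address when the real resolver is not yet known. The class name, the TunnelConfig type, and every address are constructed placeholders.

```kotlin
// Added example (not Mullvad's code, not part of Android): a VpnService that
// contrasts a tunnel established without any DNS server against the
// "bogus DNS server" workaround described in the article.
// All names and addresses below are constructed placeholders.
import android.content.Intent
import android.net.VpnService
import android.os.ParcelFileDescriptor

class ExampleVpnService : VpnService() {

    private var tunnel: ParcelFileDescriptor? = null

    // Hypothetical tunnel parameters supplied by the app's own configuration.
    data class TunnelConfig(
        val interiorAddress: String,   // address assigned to the tun interface
        val dnsServer: String?         // in-tunnel resolver, or null while unknown
    )

    // Sink for DNS queries while no real resolver is known. 192.0.2.1 lies in
    // TEST-NET-1 (RFC 5737) and is never a reachable host; with the default
    // route below, a query addressed to it can only go into the tunnel.
    private val sinkDns = "192.0.2.1"

    // WEAK: mirrors the leak scenario. When dnsServer is null the tunnel is
    // established with no DNS server at all, which is exactly the state in
    // which the article reports getaddrinfo-based lookups leaking.
    fun establishWithoutDnsFallback(cfg: TunnelConfig): ParcelFileDescriptor? {
        val b = Builder()
            .setSession("example-vpn")
            .addAddress(cfg.interiorAddress, 32)
            .addRoute("0.0.0.0", 0)               // all IPv4 traffic into the tunnel
        cfg.dnsServer?.let { b.addDnsServer(it) } // silently skipped when null
        return b.establish()
    }

    // HARDENED: the tunnel always carries a DNS server. If the real resolver
    // is unknown, the sink is configured instead of leaving the field empty.
    fun establishWithDnsSink(cfg: TunnelConfig): ParcelFileDescriptor? {
        val b = Builder()
            .setSession("example-vpn")
            .addAddress(cfg.interiorAddress, 32)
            .addRoute("0.0.0.0", 0)
            .addDnsServer(cfg.dnsServer ?: sinkDns)
        return b.establish()
    }

    override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
        // Constructed config: resolver not yet known at start-up.
        val cfg = TunnelConfig(interiorAddress = "10.64.0.2", dnsServer = null)
        tunnel?.close()
        tunnel = establishWithDnsSink(cfg)
        return START_STICKY
    }

    override fun onDestroy() {
        tunnel?.close()
        tunnel = null
        super.onDestroy()
    }
}
```

The hardened variant addresses only the scenario the article says Mullvad could mitigate, where a tunnel exists but has no DNS server configured. It does nothing for the second scenario, the leak during a tunnel reconnect, crash or forced stop, for which the article reports no app-side fix; as Mullvad's statement above puts it, that belongs in the OS.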

In October 2022, Mullvad also found that Android devices were leaking DNS queries (e.g., IP addresses, DNS lookups, and HTTPS traffic) every time they connected to a WiFi network due to connectivity checks, even when “Always-on VPN” was toggled on with “Block connections without VPN” enabled.

DNS traffic leaks present a significant risk to user privacy, potentially exposing users’ approximate locations and the online platforms they interact with.

Given the seriousness of this issue, you may want to stop using Android devices for sensitive activities or implement additional safeguards to mitigate the risk of such leaks until Google resolves the bug and backports the patch to older Android versions.


Update May 03, 17:02 EDT: A Google spokesperson sent the following statement: “Android security and privacy is a top priority. We’re aware of this report and are looking into its findings.”
