Kill Switch doesn't work: Android users are exposed to DNS query leaks

Father

The security of the "green robot" failed in a critical scenario.

Android users experienced DNS query leaks when changing VPN servers, despite having the "Always On VPN" and "Block Connections Without VPN" features enabled. The problem was detected in the latest version of the Android 14 operating system and was identified by Mullvad, the developer of the VPN service of the same name.

The "Always On VPN" feature is designed to keep the VPN running continuously from the moment the device is booted up. The "Block Connections Without VPN" option, also known as "Kill Switch", should ensure that all network traffic passes through a secure VPN tunnel, preventing monitoring of users' web activity.

However, it was found that some applications that call the getaddrinfo function to convert a text hostname to an IP address leak DNS data. This applies to cases when the VPN is active without a configured DNS server, as well as when the VPN tunnel is reconfigured, crashes, or forced to stop.

The problem even affects applications such as the Chrome browser that can directly use getaddrinfo. Activating the above settings in the VPN does not stop the leak, which is unexpected behavior of the operating system and requires correction.

Mullvad points out possible ways to reduce the risk of leaks: you can set an invalid DNS server while the VPN application is active. However, an effective solution for leaks when reconnecting the VPN tunnel has not yet been found.

The company emphasizes the need to fix this issue at the operating system level in order to protect the privacy of all Android users.

In light of the severity of the detected problem, Android users are advised to use VPN services with caution for confidential activities or apply additional security measures until Google fixes the error.

Google itself quickly responded to Mullvad's investigations and stated that Android's security and privacy are the company's top priority, adding that the development team is aware of the issue and is already closely investigating it.

It is worth noting that in October 2022, the Mullvad team also discovered DNS data leaks when connecting devices to WiFi, which compromised the privacy of users, including their approximate location and visited online platforms.
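One way to check a device for the leak described above, as an added example that is not part of the original post or Mullvad's report: scan a text capture taken on the physical interface (the kind `tcpdump -n` prints) for plaintext DNS queries, which should never appear there while the kill switch is on. The device IP, resolver, tunnel endpoint and capture lines are constructed sample values.

```python
import re

# A plaintext DNS query as printed by `tcpdump -n`, for example:
# 12:00:05.2 IP 192.168.1.23.41822 > 192.168.1.1.53: 4660+ A? example.com. (29)
DNS_QUERY = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.53: "
    r"\d+\+?(?: \[[^\]]*\])? (?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)

# Constructed sample capture from the Wi-Fi interface (not the tunnel interface).
# Lines 1 and 5 are encrypted tunnel packets; lines 2 and 4 are leaked queries
# sent to the local resolver while the tunnel is being reconfigured.
SAMPLE_CAPTURE = """\
12:00:00.100000 IP 192.168.1.23.51820 > 203.0.113.10.51820: UDP, length 148
12:00:05.200000 IP 192.168.1.23.41822 > 192.168.1.1.53: 4660+ A? example.com. (29)
12:00:05.210000 IP 192.168.1.1.53 > 192.168.1.23.41822: 4660 1/0/0 A 198.51.100.7 (45)
12:00:05.300000 IP 192.168.1.23.38110 > 192.168.1.1.53: 911+ AAAA? example.org. (29)
12:00:06.000000 IP 192.168.1.23.51820 > 203.0.113.10.51820: UDP, length 96
"""


def find_dns_leaks(capture_text, device_ip):
    """Return plaintext DNS queries the device sent outside the tunnel."""
    leaks = []
    for line in capture_text.splitlines():
        m = DNS_QUERY.match(line)
        # Only queries originating from the device under test count as leaks;
        # responses and other hosts' traffic are ignored.
        if m and m.group("src") == device_ip:
            leaks.append({
                "time": m.group("ts"),
                "resolver": m.group("dst"),
                "qtype": m.group("qtype"),
                "name": m.group("name"),
            })
    return leaks


if __name__ == "__main__":
    for leak in find_dns_leaks(SAMPLE_CAPTURE, "192.168.1.23"):
        print("LEAK {time} {qtype} {name} -> {resolver}".format(**leak))
```

The check only covers unencrypted DNS on port 53; an empty result on a capture that spans a server switch or tunnel restart is the outcome the kill switch is supposed to guarantee.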