Android leaks data even with VPN

Android devices leak traffic every time the device connects to WiFi networks, even if “Block connections without VPN” or “Always VPN on” are enabled.

leak

The BleepingComputer he says:

Τα δεδομένα που διαρρέουν έξω από τα VPN tunnels περιλαμβάνουν διευθύνσεις IP, DNS lookups, HTTPS traffic, καθώς και NTP traffic. Αυτή η συμπεριφορά είναι ενσωματωμένη στο λειτουργικό σύστημα Android και αποτελεί design. However, Android users probably didn't know about it until now due to the inaccurate description of the “VPN Lock” (VPN ) in the Android manual. The problem was discovered during a yet-to-be-published security audit.

Android offers a setting to “Network & Internet” to block network connections unless you are using a VPN. This feature is designed to prevent accidental leaks of the user's real IP address if the VPN connection is suddenly interrupted or dropped. Unfortunately, this capability is undermined by the need to accommodate special cases, such as identifying restricted gateways (such as a hotel's WiFi) that must be checked before the user can connect, or when using split-tunneling functions. That's why Android is configured to leak some data when connecting to a new WiFi network, regardless of whether you've turned on the “Block non-VPN connections” setting.

Google is aware (learned) of the problem, and should add an option to disable connectivity checks, as shown in a new feature request on Google's Issue Tracker.

A Google engineer of course Reported responding to the request that this is the intended functionality and will not be fixed for the following reasons:

  • Many VPNs actually rely on the results of these connectivity checks to work,
  • Audits are neither the only nor the most dangerous exceptions to VPN connections,
  • The privacy impact is minimal, if not negligible, because the leaked information is already available over the L2 link.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
vpn, android, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).