Android’s Design Leaks Some VPN Traffic Data, Google Calls It “Intended Behavior”

/in


Android devices with a VPN purposefully leak some traffic, including IP addresses and DNS/HTTP(S) requests, when connecting to a wireless network. According to a security audit by Mullvad VPN, leaking a small amount of data is inherent to the mobile operating system, something that third-party VPNs cannot prevent or control.

The Europe-based VPN service provider said that enabling Always-on VPN and Block connections without VPN doesn’t help either. Mullvad VPN noted that the bug (Google argues it is a feature) is built into Android.

“We have looked into the feature request you have reported and would like to inform you that this is working as intended,” a Google engineer told Mullvad VPN on the search giant’s issue tracker page. “ We do not think such an option would be understandable by most users, so we don’t think there is a strong case for offering this.”

Let us see how VPNs on Android function.

When an Android device connects to a public network, it performs certain checks before successfully establishing a connection. To perform these checks, Mullvad VPN discovered that Android sends data outside the secure tunnel that shields users from the internet.

Block connections without VPN is an Android setting designed to prevent this, which may happen during connectivity checks. Split tunneling can also leak a part of the traffic over the underlying network, Google pointed out.

“We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal [a webpage usually displayed after a device connects to a new public network] on the network, the connection will be unusable until the user has logged in to it,” Mullvad VPN wrote.

See More: Built-in iOS VPNs Leaking Traffic Data From Over Two Years Ago

“So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models,” the company added.

Indeed, because the small amount of data that the OS leaks includes DNS lookups, HTTP(S) and possibly NTP traffic, and the user IP address (as metadata), precisely what users intend to…

Source…