Android Loses Traffic Even When “Always On VPN” Is Enabled

Mullvad VPN discovered that Android leaks traffic every time the device connects to a WiFi network, even if the “Block connections without VPN” or “VPN always on” features are enabled. BleepingComputer reports: Data leaked outside of VPN tunnels includes source IP addresses, DNS lookups, HTTPS traffic, and likely NTP traffic as well. This behavior is built into the Android operating system and is a design choice. However, Android users probably didn’t know this until now due to the inaccurate description of the “VPN Lockdown” features in Android’s documentation. Mullvad discovered the issue during a yet-to-be-released security audit, issuing a warning yesterday to raise awareness of the issue and put additional pressure on Google.

Android offers a setting under “Network and Internet” to block network connections unless you are using a VPN. This feature is designed to prevent accidental leaks of the user’s real IP address if the VPN connection drops or is disconnected unexpectedly. Unfortunately, this functionality is undermined by the need to support special cases such as detecting captive portals (like hotel WiFi), which must be checked before the user can connect, or when split-tunnel features are in use. This is why Android is configured to leak certain data when connecting to a new WiFi network, whether or not you have enabled the “Block connections without VPN” setting.
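A defender-side check for the behaviour described above, added here as an example (it is not code from the article, Mullvad or Google): it parses constructed tcpdump-style lines, as if captured on the phone’s physical WiFi interface while a lockdown-mode VPN was up, and reports which of the traffic classes the article lists (DNS, HTTPS, NTP) left the device outside the tunnel. The VPN endpoint, hostnames and addresses are placeholders, not real infrastructure.

```python
import re
from collections import Counter

# Constructed sample of tcpdump-style output, as if captured on the phone's
# physical WiFi interface while a VPN with lockdown enabled was connected.
# Hostnames and addresses are placeholders, not real infrastructure.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 192.168.1.23.53421 > 192.168.1.1.53: 12345+ A? connectivity-check.example. (41)
12:00:01.000200 IP 192.168.1.23.44012 > 203.0.113.10.443: Flags [S], seq 1, win 65535
12:00:01.000300 IP 192.168.1.23.45678 > 203.0.113.20.123: NTPv4, Client, length 48
12:00:01.000400 IP 192.168.1.23.51820 > 198.51.100.5.51820: UDP, length 148
"""

# Assumed VPN server endpoint: packets to it are the encrypted tunnel, not a leak.
VPN_ENDPOINT = ("198.51.100.5", 51820)

PACKET_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# The traffic classes the article says escape the tunnel, keyed by destination port.
PORT_CATEGORY = {53: "DNS", 443: "HTTPS", 123: "NTP"}


def find_leaks(capture, vpn_endpoint=VPN_ENDPOINT):
    """Return (per-category packet counts, exposed source IPs) for packets that
    left the physical interface without being addressed to the VPN endpoint."""
    counts = Counter()
    sources = set()
    for line in capture.splitlines():
        m = PACKET_RE.search(line)
        if not m:
            continue  # non-IP or unparsable line, ignore
        src_ip, dst_ip, dst_port = m.group(1), m.group(3), int(m.group(4))
        if (dst_ip, dst_port) == vpn_endpoint:
            continue  # tunnel traffic is expected on the physical interface
        counts[PORT_CATEGORY.get(dst_port, "OTHER")] += 1
        sources.add(src_ip)  # the real source address is itself part of the leak
    return counts, sources


if __name__ == "__main__":
    leak_counts, exposed = find_leaks(SAMPLE_CAPTURE)
    for category, n in sorted(leak_counts.items()):
        print(f"{category}: {n} packet(s) outside the tunnel")
    print("source IPs exposed:", ", ".join(sorted(exposed)))
```

On a real device the input would come from a capture taken on the WiFi interface at the moment it associates, which is exactly when the article says the connectivity checks fire.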

Mullvad reported the issue to Google, requesting the addition of an option to disable connectivity checks. “This is a feature request to add the option to disable connectivity checks while ‘Block connections without VPN’ (from now on lockout) is enabled for a VPN app,” Mullvad explains in a feature request on Google Issue Tracker. “This option needs to be added because the current VPN lockdown behavior is to leak connectivity verification traffic (see this issue for incorrect documentation), which is not intended and could impact users’ data privacy.” In response to Mullvad’s request, a Google engineer stated that this was intended functionality and would not be fixed for the following reasons:

– Many VPNs actually rely on the results of these connectivity checks to work,
– Verifications are neither the only nor the most risky exemptions to VPN connections,
– The impact on privacy is minimal, if not insignificant, because the leaked information is already available from the L2 connection.

Mullvad countered those points and the case remains open.