Android bug leaks DNS queries even when VPN kill switch is enabled

May 4, 2024 at 12:19PM

A Mullvad VPN user found that Android devices leak DNS queries when switching VPN servers, even with “Always-on VPN” and “Block connections without VPN” enabled. The leak happens during VPN reconfiguration and exposes the domains a device is resolving. Mullvad suggested temporary workarounds and emphasized that the issue must be fixed at the OS level. Google is investigating the report.

Summary:

– Mullvad VPN discovered a bug in Android devices that leaks DNS queries even when “Always-on VPN” with the “Block connections without VPN” option is enabled, potentially compromising user privacy.
– The leak affects apps that call the getaddrinfo function directly: their DNS traffic escapes while a VPN is active, and DNS queries also leak whenever a VPN app reconfigures the tunnel, crashes, or is force-stopped.
– Mullvad proposed mitigations for some of the leak scenarios, such as setting a bogus DNS server while the VPN app is active, but the DNS query leak during VPN tunnel reconnection remains unresolved for all Android VPN apps.
– Given the severity of the issue, the recommendation is to stop using Android devices for sensitive activities, or to add further safeguards, until Google resolves the bug and backports the patch to older Android versions.
– A Google spokesperson confirmed awareness of the report and stated that Android security and privacy are top priorities, indicating that they are looking into the findings.
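
The leak described above is visible on the device itself: with a working kill switch, no packet to port 53 should ever leave on a physical interface while the tunnel is up. The following script is an added example, not code from the article or from Mullvad; it parses constructed tcpdump-style lines (an approximation of what `tcpdump -i any -nn port 53` prints, with the interface name as the second field) and flags every DNS query that egressed on an interface other than the assumed tunnel interface `tun0`. The capture lines and addresses are constructed for the example.

```python
"""Flag DNS queries that bypassed the VPN tunnel interface.

Added example (not the article's or Mullvad's code). Input is a constructed,
tcpdump-like capture of the form:
    <time> <iface> IP <src>.<sport> > <dst>.<dport>: <txid>+ <QTYPE>? <qname>.
Assumption: the VPN tunnel interface is named 'tun0'; any port-53 packet seen
on another interface is a leak, because the kill switch should block it.
"""
import re
from dataclasses import dataclass

# Constructed sample: two queries slip out on wlan0 while the tunnel reconnects.
SAMPLE_CAPTURE = """\
12:00:01.001 tun0 IP 10.64.0.2.40001 > 10.64.0.1.53: 1001+ A? example.com.
12:00:01.002 tun0 IP 10.64.0.2.40002 > 10.64.0.1.53: 1002+ AAAA? example.com.
12:00:03.500 wlan0 IP 192.168.1.20.40003 > 192.168.1.1.53: 1003+ A? telemetry.example.net.
12:00:03.501 wlan0 IP 192.168.1.20.40004 > 192.168.1.1.53: 1004+ AAAA? telemetry.example.net.
12:00:04.000 tun0 IP 10.64.0.2.40005 > 10.64.0.1.53: 1005+ A? example.org.
"""

# One capture line; the greedy [\d.]+ backtracks so the last dotted field
# becomes the port. Lines that do not match (non-DNS, truncated) are skipped.
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<iface>\S+)\s+IP\s+"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+"
    r"(?P<txid>\d+)\+?\s+(?P<qtype>[A-Z]+)\?\s+(?P<qname>\S+)$"
)


@dataclass(frozen=True)
class DnsQuery:
    time: str
    iface: str
    resolver: str   # destination address the query was sent to
    qtype: str
    qname: str


def parse_capture(text):
    """Return the DNS queries (destination port 53) found in a capture."""
    queries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "53":
            continue
        queries.append(DnsQuery(m["time"], m["iface"], m["dst"],
                                m["qtype"], m["qname"].rstrip(".")))
    return queries


def find_leaks(queries, tunnel_iface="tun0"):
    """Every query that did not leave via the tunnel interface is a leak."""
    return [q for q in queries if q.iface != tunnel_iface]


def leak_report(text, tunnel_iface="tun0"):
    """Summarise a capture: how many queries leaked, which names, to which resolvers."""
    queries = parse_capture(text)
    leaks = find_leaks(queries, tunnel_iface)
    return {
        "total_queries": len(queries),
        "leaked": len(leaks),
        "leaked_names": sorted({q.qname for q in leaks}),
        "leaked_resolvers": sorted({q.resolver for q in leaks}),
    }


if __name__ == "__main__":
    report = leak_report(SAMPLE_CAPTURE)
    status = "LEAK" if report["leaked"] else "ok"
    print(f"{status}: {report['leaked']} of {report['total_queries']} DNS queries "
          f"left outside tun0; names={report['leaked_names']} "
          f"resolvers={report['leaked_resolvers']}")
```

Running it against a real capture taken while switching servers (with the tunnel interface name adjusted to the device's) gives a direct check of whether the kill switch held; the leaked names tell you what an observer on the local network would have learned.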
