Android bug leaks DNS queries even when VPN kill switch is enabled

Android leak

Image: Midjourney

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the « Always-on VPN » feature was enabled with the « Block connections without VPN » option.

« Always-on VPN » is designed to start the VPN service when the device boots and keep it running while the device or profile is on.

Enabling the « Block Connections Without VPN » option (also known as a kill switch) ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users’ web activity.

However, as Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version (Android 14).

This bug occurs while using apps that make direct calls to the getaddrinfo C function, which provides protocol-independent translation from a text hostname to an IP address.

They discovered that Android leaks DNS traffic when a VPN is active (but no DNS server has been configured) or when a VPN app re-configures the tunnel, crashes, or is forced to stop.

« We have not found any leaks from apps that only use Android API:s such as DnsResolver. The Chrome browser is an example of an app that can use getaddrinfo directly, » Mullvad explained.

« The above applies regardless of whether ‘Always-on VPN’ and ‘Block connections without VPN’ is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS. »

Potential mitigations

Mullvad said that the first DNS leak scenario, where the user switches to another server or changes the DNS server, can be mitigated easily by setting a bogus DNS server while the VPN app is active.

However, it has yet to find a fix for the VPN tunnel reconnect DNS query leak, which is valid for all other Android VPN apps seeing that they’re also likely impacted by this issue.

« It should be made clear that these workarounds should not be needed in any VPN app. Nor is it wrong for an app to use getaddrinfo to resolve domain names, » Mullvad explained.

« Instead, these issues should be addressed in the OS in order to protect all Android users regardless of which apps they use. »

In October 2022, Mullvad also found that Android devices were leaking DNS queries (e.g., IP addresses, DNS lookups, and HTTPS traffic) every time they connected to a WiFi network because of connectivity checks even if « Always-on VPN » was toggled on with « Block connections without VPN » enabled.

DNS traffic leaks present a significant risk to user privacy, potentially exposing their approximate locations and the online platforms they engage with.

Given the seriousness of this issue, you may want to stop using Android devices for sensitive activities or implement additional safeguards to mitigate the risk of such leaks until Google resolves the bug and backports the patch to older Android versions.


Update May 03, 17:02 EDT: A Google spokesperson sent the following statement: « Android security and privacy is a top priority. We’re aware of this report and are looking into its findings. »

Source link