Identified scenarios where the Android OS can leak DNS traffic:
- If a VPN is active without any DNS server configured.
- For a short period of time while a VPN app is re-configuring the tunnel or is being force stopped/crashes.
The leaks seem to be limited to direct calls to the C function getaddrinfo.
The above applies regardless of whether Always-on VPN and Block connections without VPN is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS.
We’ve been able to confirm that these leaks occur in multiple versions of Android, including the latest version (Android 14).
We have reported the issues and suggested improvements to Google and hope that they will address this quickly.
prevent app-based VPN implementations from leaking DNS requests when the VPN is down/connecting (this is a preliminary defense against this issue and more research is required, along with apps preventing the leaks on their end or they’ll still have leaks outside of GrapheneOS)
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
Additional Resources: