It has been claimed that Android leaks Wi-Fi connection data despite using a VPN.
Android has been reported to lose small amounts of connection data whenever a user connects to a Wi-Fi network, even when their VPN is active.
Android loses data while using VPN
A new security issue has been identified in Android operating systems. When using a mobile device, users see small amounts of their connection traffic leaking, even when using a VPN.
The company’s “Always-On VPN” is designed to stay active 24 hours a day, whenever the device is turned on. But it has been discovered that traffic data is still leaking, despite the presence of the VPN. On top of that, when people turn on Android’s “Block Non-VPN Connections” feature (also known as the VPN kill switch), they are still at risk of having some of their traffic leaked.
The issue was reported by Mullvad VPN, a Swedish VPN provider. In a Mullvad VPN Blog Post, Android was said to send unencrypted connectivity checks “outside the VPN tunnel”. This issue was discovered during a security audit, although the audit itself was not released at the time of Mullvad’s Android announcement.
Mullvad VPN also said in both the aforementioned post and in a tweet that VPN services cannot stop this leak from happening.
Mullvad suggested to users that “running
tcpdump on your router” after disconnecting Wi-Fi can help monitor traffic leaving the device when Wi-Fi is reconnected.
User anonymity is threatened by these leaks
Even the leak of small amounts of login data can compromise a user’s online anonymity, and therefore their privacy. Even simple metadata can be used by malicious actors to extract additional user information because they can see the source IP address.
By sending connectivity checks outside the secure VPN tunnel, Android OS puts its billions of users at risk. However, Mullvad VPN said any attempt at de-anonymization “would require a fairly sophisticated actor”, and not just any cybercriminal. Regardless, there is always a chance that an experienced malicious actor will take advantage of these leaks.
Pressure is on Google to change the issue
Mullvad VPN’s post on Android traffic leaks not only draws attention to the problem, but puts pressure on Google, the owner of Android, to disclose to users only small amounts of their traffic data. connection can be leaked even when their VPN is active.
On the other hand, Google could add an option on Android devices to prevent connectivity checks from being sent outside the tunnel. This would give users the ability to choose how their data is processed.
Checking the integrity of your data is important
Whether or not you use a VPN, your data can still be at risk. That’s why it’s important to monitor your outgoing connection traffic to make sure it’s not being processed in a way that you don’t like.