Android bug can leak DNS traffic with VPN kill switch enabled

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option.

"Always-on VPN" is designed to start the VPN service when the device boots and keep it running while the device or profile is on.

Enabling the "Block Connections Without VPN" option (also known as a kill switch) ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users' web activity.

However, as Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version (Android 14).

This bug occurs while using apps that make direct calls to the getaddrinfo C function, which provides protocol-independent translation from a text hostname to an IP address.

Leave a Comment