Besides letting users change their apparent geographical location, a VPN (virtual private network) is also used to protect privacy. On Android phones, however, that shielding is not complete: certain traffic is leaked outside the tunnel.
As Mullvad VPN has discovered, Android phones leak data such as source IP addresses, DNS lookups, HTTPS traffic, and probably also NTP traffic, even when the “Block connections without VPN” or “VPN always on” features are enabled.

Android leaks traffic with a VPN
Android leaks traffic every time the device connects to a WiFi network, even if the “Block connections without VPN” or “VPN always on” features are enabled. This has led Mullvad, the company behind the VPN service of the same name, to ask Google to at least correct the inaccurate description of the “Block connections without VPN” feature in the Android documentation, since this is not a bug or a security hole but a conscious, by-design decision of the mobile operating system.
“The documentation on “Block connections without VPN” (from now on, blocking) is incorrect, since connectivity check traffic is intentionally leaked (sent outside the VPN tunnel) when establishing network connectivity, even though blocking is enabled for a VPN app.
Current documentation: A person using the device (or an IT administrator) can force all traffic to use the VPN. The system blocks any network traffic that does not use the VPN. People who use the device can find the Block connections without VPN button in the VPN options panel in Settings.
Suggested documentation: A person using the device (or an IT administrator) can force all traffic (except connectivity checks) to use the VPN. The system blocks any network traffic (except connectivity checks) that does not use the VPN. People who use the device can find the Block connections without VPN button in the VPN options panel in Settings.
Additionally, they have also filed a request to add an option to disable connectivity checks while “Block connections without VPN” is enabled for a VPN app. This option should be added because the current VPN blocking behaviour leaks connectivity check traffic, which is unexpected and could affect user privacy.
“Example of a VPN app configuration after adding this option:
VPN always on <button>
Block connections without VPN <button>
Disable connectivity checks <button>”
The dangers of leaked data
Traffic that leaks out of the VPN connection contains metadata that could be used to derive sensitive de-anonymization information, such as WiFi hotspot locations.
“The connectivity check traffic can be observed and analyzed by the party controlling the connectivity check server and by any entity observing the network traffic,” Mullvad explains in its blog post.
Even if the content of the message reveals nothing more than “some connected Android device”, the metadata (including the source IP) can be used to obtain more information, especially when combined with data such as WiFi access point locations. However, since such a de-anonymization attempt would require a fairly sophisticated actor, it is unlikely that most of their users would consider it a significant risk.