Android VPN IP Leak Even If Always-On VPN Enabled
7 hours ago
- #VPN Bypass
- #Android Security
- #UDP Exploit
- An Android 16 bug allows apps with no special permissions to bypass VPN protection and leak the user's real IP, even with Always-On VPN enabled.
- The exploit uses the system_server's registerQuicConnectionClosePayload method to send arbitrary data via UDP on the physical Wi-Fi network, bypassing VPN routing.
- No permission checks or payload validation are performed, and the system_server ignores VPN-lockdown states, allowing unauthorized data exfiltration.
- A mitigation involves using ADB to set a DeviceConfig flag to disable the vulnerable feature, though this is not a permanent fix.
- Google's Android Security Team classified the issue as 'Won't Fix' and not meeting the security bulletin threshold, despite prior similar CVEs.