Android bug leaks DNS queries despite VPN kill switch protection
Privacy-focused VPN Mullvad recently disclosed potential DNS leaks on Android, affecting certain apps due to inherent bugs in the Android system. The issue came to light on April 22, when a Reddit user reported a DNS leak. This user discovered the leak while toggling VPN on and off with the “Block connections without VPN” setting activated.
Mullvad's investigation into the matter confirmed the leaks across multiple Android versions, including the most recent, Android 14. The VPN provider revealed that this security issue could potentially impact many users, even those using a VPN with the kill switch enabled. In response, Mullvad plans to circumvent the Android bug by setting a bogus DNS server, although this will not entirely prevent the leak.
DNS leaks pose significant privacy risks for users. They can be exploited to estimate a user's location or ascertain the websites and services a user frequents. Depending on the individual's threat model, this could necessitate avoiding Android entirely for sensitive tasks or implementing additional measures to prevent leaks.
Is it a bug or a backdoor by the ad company that ships the OS?
Don't use mobile devices for anything sensitive unless absolutely necessary.
Unless it's an actually privacy-centric OS or device like /e/, Graphene, etc.