Android is the victim of a bug. According to Mullvad, the operating system jeopardizes the privacy of VPN users. A malfunction leads to DNS leaks in certain situations.
Mullvad, a Sweden-based VPN service, says it has been made aware of “multiple potential DNS leaks on Android.” In a press release published on May 3, 2024, the Swedish company specifies that the malfunction comes directly from the Android operating system and affects “only some applications”.
A Domain Name System (DNS) leak is a common security vulnerability in VPN services. The breach will lead to queries being sent to an ISP’s DNS servers, even when a VPN is enabled on your computer or smartphone. However, it creates a secure, encrypted tunnel between the device and a remote server. This tunnel prevents the operator from obtaining information about the websites visited. During a DNS leak, the ISP is able to track all of your online activities, such as your IP address, where you are, and what you’re looking for on the web. This also applies to a potential attacker or an overly curious website.
Very special situations
According to Mullvad’s findings, this DNS leak occurs when a VPN is active, but no DNS server has been configured. It also appears when you change VPN servers. Disclosure occurs even if the user has enabled the option that blocks all VPN-protected connections. However, this feature should prevent network traffic from momentarily falling into the hands of the ISP if the VPN is temporarily down. This is also the case with the option that keeps the VPN on all the time, as soon as you turn on your phone. Again, this feature should prevent any information from passing outside of the secure tunnel generated by the VPN.
Mullvad explains that he was able to confirm that “these leaks occur in multiple versions of Android, including the latest version,” i.e., Android 14. Leaks only occur when applications use the “getaddrinfo” function in the C programming language. This feature allows you to translate a domain name (e.g. “google.com”) into an IP address used to connect to the Internet. This is when the DNS leak occurs. Among the affected apps is Google Chrome.
Google is looking into the bug
To protect its users, Mullvad has come up with a workaround that is to set up a fake DNS server. The VPN will add this fix as soon as possible. However, the company doesn’t have a solution in place to prevent a DNS leak when shutting down or reconfiguring a VPN. However, Mullvad says that “these issues should be fixed in the operating system to protect all Android users, regardless of the apps they use.” That’s why Mullvad alerted Google. In a statement to Bleeping Computer, the Mountain View giant said it was reviewing “the conclusions” of Mullvad’s report.
