IVPN Blog>IVPN News>DNS traffic leak outside VPN tunnel on Android

DNS traffic leak outside VPN tunnel on Android

IVPN News By IVPN Staff | Posted on June 13, 2024

Recently we were made aware of a potential DNS traffic leak outside the VPN tunnel on Android. Even with Android OS “Always-on VPN” and “Block connections without VPN” options enabled, as per the report the plaintext DNS traffic can be observed outside the VPN tunnel.

During our investigation, we were able to confirm the issue when using different VPN apps on Android (including the IVPN app). The issue was reproduced in several different Android versions, including the latest Android 14.

A DNS leak can occur when an app (e.g. Chrome app) calls the getaddrinfo function to resolve domains. Note that getaddrinfo function can leak DNS even when the option “Block connections without VPN” is enabled. The issue should be fixed in a future Android version.

Steps to reproduce

  1. Enable “Block connections without VPN” in Android Settings -> VPN -> [provider] -> Settings
  2. Start tcpdump and filter DNS traffic
  3. Connect or reconnect VPN
  4. Open or refresh a web page in the Browser
  5. Check tcpdump for plaintext DNS traffic

Recommendations

DNS leaks can seriously impact user privacy, resulting in potential exposure of browsing history and geolocation, or tracking and profiling. Depending on your threat model, consider avoiding using Android in situations where DNS leaks can impact your privacy, until the issue is fixed in a future Android OS version.

Apps
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.

Featured posts

IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

Related posts

IVPN web infrastructure security audit concluded IVPN News

IVPN web infrastructure security audit concluded

Posted on April 11, 2024 by Nick Pestell

We’re pleased to announce that a sixth annual independent security audit has concluded. The assessment focused on Web UI, backend components, API endpoints, underlying web servers, and web infrastructure. We’d like to share two key excerpts from the report:
IVPN preparing for 6th annual security audit IVPN News

IVPN preparing for 6th annual security audit

Posted on February 15, 2024 by Nick Pestell

Consistent with our pledge to conduct a yearly review of our systems, we have commissioned the independent security auditing organisation Cure53 to perform a security audit in March 2024. As we remarked last year, audits we arrange focus on parts of our systems that received significant updates.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.