DNS traffic leak outside VPN tunnel on Android

IVPN News By IVPN Staff | Posted on June 13, 2024

Recently we were made aware of a potential DNS traffic leak outside the VPN tunnel on Android. According to the report, plaintext DNS traffic can be observed outside the VPN tunnel even with the Android OS “Always-on VPN” and “Block connections without VPN” options enabled.

During our investigation, we were able to confirm the issue when using different VPN apps on Android (including the IVPN app). The issue was reproduced on several different Android versions, including the latest Android 14.

A DNS leak can occur when an app (e.g. the Chrome app) calls the getaddrinfo function to resolve domains. Note that the getaddrinfo function can leak DNS even when the option “Block connections without VPN” is enabled. The issue should be fixed in a future Android version.

Steps to reproduce

  1. Enable “Block connections without VPN” in Android Settings -> VPN -> [provider] -> Settings
  2. Start tcpdump and filter DNS traffic
  3. Connect or reconnect VPN
  4. Open or refresh a web page in the Browser
  5. Check tcpdump for plaintext DNS traffic
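
One way to automate step 5, as an added example that is not IVPN's code: the function below reads tcpdump text output and prints every outbound port-53 query seen on an interface other than the tunnel. It assumes the capture comes from `tcpdump -i any -n -l port 53` with tcpdump 4.99 or later (which prints the interface name and direction per packet) and that the tunnel interface is named `tun0`; the names `find_dns_leaks`, `sample_capture` and `TUNNEL_IF`, and all sample lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag plaintext DNS queries that leave the device on any
# interface other than the VPN tunnel.
# Assumptions: input is text from `tcpdump -i any -n -l port 53` (tcpdump 4.99+,
# where field 2 is the interface and field 3 is In/Out); tunnel is named tun0.
TUNNEL_IF="${TUNNEL_IF:-tun0}"

# Reads tcpdump lines on stdin; prints "iface src dst qtype qname" per leaked query.
find_dns_leaks() {
    awk -v tun="$TUNNEL_IF" '
        $3 == "Out" && ($4 == "IP" || $4 == "IP6") && $2 != tun && $2 != "lo" {
            dst = $7
            sub(/:$/, "", dst)              # strip the trailing colon tcpdump adds
            if (dst !~ /\.53$/) next        # only packets sent to port 53
            for (i = 8; i < NF; i++)        # locate the question, e.g. "A? example.com."
                if ($i ~ /^[A-Za-z0-9]+\?$/) {
                    print $2, $5, dst, $i, $(i + 1)
                    break
                }
        }'
}

# Constructed sample capture: one query inside the tunnel, two outside it.
sample_capture() {
    cat <<'EOF'
12:00:01.100000 tun0  Out IP 10.8.0.2.40211 > 10.8.0.1.53: 4660+ A? example.com. (29)
12:00:01.130000 tun0  In  IP 10.8.0.1.53 > 10.8.0.2.40211: 4660 1/0/0 A 192.0.2.10 (45)
12:00:01.150000 wlan0 Out IP 192.168.1.23.41234 > 192.168.1.1.53: 51234+ A? example.com. (29)
12:00:01.180000 wlan0 In  IP 192.168.1.1.53 > 192.168.1.23.41234: 51234 1/0/0 A 192.0.2.10 (45)
12:00:02.000000 wlan0 Out IP6 2001:db8::23.50000 > 2001:db8::1.53: 7+ AAAA? example.org. (29)
EOF
}

sample_capture | find_dns_leaks
```

On a live capture, pipe the tcpdump output into `find_dns_leaks` instead of the sample; any line printed while the VPN is connected is a query that left outside the tunnel.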

Recommendations

DNS leaks can seriously impact user privacy, resulting in potential exposure of browsing history and geolocation, or tracking and profiling. Depending on your threat model, consider avoiding Android in situations where DNS leaks can impact your privacy, until the issue is fixed in a future Android OS version.

We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.