Jump to content
  • Mullvad: Android may leak information when connected to a VPN


    Karlston

    • 416 views
    • 3 minutes
     Share


    • 416 views
    • 3 minutes

    Secure and private VPN provider Mullvad discovered that Android devices may leak information when connected to VPN services, which can't be prevented.

     

    According to Mullvad's information, Android uses connectivity checks outside of the VPN tunnel when devices connect to wireless networks. What makes this even worse is that this happens even if the security feature Block connections without VPN is enabled on the device.

     

    The data connections that happen outside of the boundaries of the VPN connection are done by purpose. Mullvad gives the example of captive portals on networks, which require that users authenticate before connectivity becomes available. Most Android users may want these checks, Mullvad notes.

     

    The leaking of information raises privacy concerns for some. Users may believe that their connection is protected against leaks when they use VPNs on Android.  The entity that controls the connectivity check server and any entity that is monitoring networking traffic may obtain the data. The metadata includes the source IP address and may be used to "derive further information", according to Mullvad; this would require a "sophisticated actor" according to the company.

     

    Android does not include user facing options to disable traffic that is happening outside the VPN tunnel. Mullvad published a guide on disabling connectivity checks on Android. It requires development tools and is technical in nature.

     

    The company reported the issue to Google, which responded with a "won't fix" status for the issue, stating that it is intended behavior.

     

    "We have looked into the feature request you have reported and would like to inform you that this is working as intended. We do not think such an option would be understandable by most users, so we don't think there is a strong case for offering this."

     

    Google's main arguments are that other traffic is also exempt from this, that some VPN's might use the connectivity information, and that little data is revealed during these checks. Mullvad argues that the leaking of data matters to some users, and that these users should get an option to block any leaky traffic if they want to.

     

    Android users who need full protections against leaks have only one option: to modify the device using Mullvad's guide to block these connections from happening.

     

    Now You: do you use VPN connections on your mobile devices?

     

     

     

    Mullvad: Android may leak information when connected to a VPN


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...