A critical Android VPN bypass vulnerability allows apps without special permissions to leak users' real IP addresses even when Always-On VPN with blocking is enabled. The exploit uses system_server to send UDP packets outside the VPN tunnel, completely bypassing Android's security protections. This affects Android 16 and has been reported to Google, who considers it outside their threat model despite the serious privacy implications.
Background
Android's Always-On VPN with blocking feature is designed to ensure all network traffic goes through the VPN tunnel, providing a critical privacy and security layer for users. This is particularly important for journalists, activists, and privacy-conscious individuals who rely on VPN protection.
- Source
- Lobsters
- Published
- May 1, 2026 at 07:04 AM
- Score
- 8.0 / 10