Android 16 VPN bug turns apps installed on your phone into a leaky sink
A bug in Android 16 has been discovered that allows apps to leak data outside of VPN tunnels. This vulnerability exposes users' real IP addresses regardless of their VPN settings. The issue was reported by a security engineer and confirmed by the VPN provider Mullvad.
- ▪The bug affects all VPN apps on Android 16 devices.
- ▪It allows any app to send traffic outside the VPN tunnel, compromising user privacy.
- ▪The vulnerability is linked to a system service called ConnectivityManager.
Opening excerpt (first ~120 words) tap to expand
That VPN you are running on your Android 16 device may not be doing as much as you think. A newly discovered bug in Android 16 allows any app on your device to send traffic outside your VPN tunnel, exposing your real IP address to the internet, regardless of which VPN you use or how locked down your settings are. The vulnerability was first reported by a Zurich-based security engineer going by the handle @cybaqkebm, and was later flagged by VPN provider Mullvad, which confirmed the bug affects all VPN apps on Android 16, not just its own.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Digital Trends.