.png)
VPN provider Mullvad issues a warning to Android users regarding potential DNS leaks that can compromise user privacy. These leaks are a result of bugs present in the operating system, allowing unauthorized access to the approximate location of users and monitoring of visited websites.
Mullvad has identified two specific scenarios where Android devices may leak DNS traffic. The first scenario occurs when a VPN connection is active without a designated DNS server, leaving the system vulnerable. The second scenario involves temporary exposure of DNS traffic during VPN reconfiguration or unexpected termination/crash.
According to Mullvad, these vulnerabilities are a result of inherent flaws within the Android OS, affecting only select apps. The leaks have been observed in several versions of the OS, including Android 14.
The VPN provider assures users that a solution for the first scenario is forthcoming and will be included in an upcoming update for the Android app. However, addressing the issue of DNS leaks during VPN tunnel resets poses a greater challenge. Mullvad has reported these vulnerabilities to Google and proposed improvements for enhanced security.
English (US)