Security News > 2022 > October > Android leaks some traffic even when 'Always-on VPN' is enabled
Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the "Block connections without VPN," or "Always-on VPN," features is enabled.
The data being leaked outside VPN tunnels includes source IP addresses, DNS lookups, HTTPS traffic, and likely also NTP traffic.
Roid offers a setting under "Network & Internet" to block network connections unless you're using a VPN. This feature is designed to prevent accidental leaks of the user's actual IP address if the VPN connection is interrupted or drops suddenly.
This is why Android is configured to leak some data upon connecting to a new WiFi network, regardless of whether you enabled the "Block connections without VPN" setting.
"This is a feature request for adding the option to disable connectivity checks while"Block connections without VPN" is enabled for a VPN app," explains Mullvad in a feature request on Google's Issue Tracker.
"This option should be added as the current VPN lockdown behavior is to leaks connectivity check traffic which is not expected and might impact user privacy."