We were recently made aware of multiple potential DNS leaks on Android. They stem from bugs in Android itself, and only affect certain apps.

Any system app on Android, the captive portal login and more CAN all bypass a VPN in “block all other connections” mode.

Android is really problematic and having as few system apps as possible is the only fix.

They didn’t bring it to light, it was a user report posted on Reddit. They merely investigated it further. Nothing against Mullvad, it’s a great VPN, but credit where credit is due.

Just use Rethink DNS with a WireGuard tunnel and block every app except those you trust and need!

I tried out Rethink DNS but I did not manage in any way to just use my VPN’s DNS. Would you have a hint how to make it work?

Thank you so much. Me just stupid.

What I don’t understand though, doesn’t using Mullvad automatically set their own DNS?

Only if your Android connection is set to automatic DNS. Additionally, they are assuming it is an OS bug. However, they also acknowledge that they had to fix something on their app to mitigate. I tried myself with Wireguard instead, killed the network access to it, and nothing ever left my phone, as Android immediately killed all connections due to the VPN always on feature.

So, I’m going to take their claim with a grain of salt until AOSP says something about this and denies or confirms the alleged bug.

lemmyreader

On the desktop it does. But on Android things are maybe different? Not directly related, but I remember (long time ago) wanting to tether from an Android phone with the Mullvad VPN app in use, to a computer, only to find out that the Android defaults (in Android, not in the Mullvad app) needed a button swiped to make it work correctly on the other device.

This is not a feature in stock AOSP.

This is a feature in CalyxOS, LineageOS.

I thought sharing the VPN was blocked and not possible. Do you remember how you did it?

I’ve recently managed to do this:

Settings> Network & Internet> Hotspot & Tethering> Allow Clients To Use VPN

Not in Pixel :( I would love this

I think that’s a feature in newer Android versions, but maybe some manufacturers disallow it.

If you do this, you’ll be using the DNS you assign instead of using the VPN’s DNS, as intended. That will make you stand out from the rest of the same VPN users, effectively affecting privacy.

“The report detailed how the user managed to leak DNS queries when disabling and enabling VPN while having “Block connections without VPN” on.”

Not to diminish the severity of the issue but I can’t imagine this being the factor that pushes the average person to iOS over Android.

I’m not sure of anyone who switches from iOS. Once you are in the ecosystem they won’t let you leave.

@dubyakay@lemmy.ca

Why is this stupidity repeated ad nauseam? I’ve successfully switched from iOS to Android and back to iOS again without any hindrance.

It’s not any different from switching from Windows to Linux.

Then why can’t I use an Apple watch with anything but Apple products? Why do I need a Mac to create iOS apps?

Lmao. People really are just out there on the raggedy edge. The watch communicates with a shit ton of sensors and other tech only found on Apple devices. Also, last I checked, I can’t run an Android Watch on iPhone fully, there is always a slew of things that don’t work or kinda work. Maybe Apple didn’t want that experience for its users.

You need a Mac to build Apple apps because why in the actual fuck would you use a PC to do that!? What’s the point?

I’m not defending Apple as they clearly gate a lot of shit but the complaining about the dumbest shit ever doesn’t make them Nazis. Also, Google, Samsung, Microsoft, all of them are the same level of asshole. Big Tech is trash. This is not new news.

You could use an Android watch with iOS but Apple will not let you. I don’t get why you are defending Apple.

meseek #2982

What do you mean don’t let you? https://screenrant.com/samsung-galaxy-watch-4-use-with-iphone-compatible-explained/

Same shit as with Apple on Android, basic functionality, nothing more.

So you blame Apple for Android having basic functionality with an aWatch but then blame Apple for a Samsung Watch having basic functionality on iOS? So it’s just Apple’s fault all the way around then?

I guess you also missed the part where I say all big tech is the same? And are all basically shit? Or you just didn’t read that far…

If you just have an iPhone and nothing else and treat it like a smartphone, it is very easy to migrate over to Android and vice versa. If you get invested in the Apple ecosystem it might be hard to leave or use some other products that are gimped without an iPhone.

Third-party products will not work well with an iPhone as Apple makes sure that their products work best. Additionally, iPhones have very bad SMS and MMS support.

Source on bad SMS and MMS support? I use an iPhone and both seem to work fine…

meseek #2982

Uhhhh, source? Those are pretty bold claims to just casually toss out

meseek #2982

The one that irks me is how some apps that have already established a connection can ignore the VPN. I always wondered about that, like if I enabled my VPN, what happens to existing connections. One thing I couldn’t find is what apps can do this? If it’s third-party apps, that’s pretty serious. But if it’s just Apple apps or default ones, that’s far less of a concern seeing as Apple seems to bypass VPN anyway for its in-house wares.

LOL. They built the entire fucking OS. If they want to siphon my data, they can. Without anyone knowing. Also everything is linked to my Apple ID. So what’s the point? They already know everything and have tied it all together with my unique IDs, device serial numbers and the payment data associated. What’s the point of running FaceTime over a VPN? They already know everything…

At some point you have to stay calm and think rationally.

Now if Twitter or some random app I downloaded from GitHub can bypass my VPN, then yeah, that’s a pretty big concern as they currently have nothing on me.

I’m going to ignore the “corpos aren’t your friend” because FUCKING DUUUHHHHHH

meseek #2982

Cheers 🥂
