Android VPN leaks can still happen below the app layer

Mullvad says an Android 16 bug can let apps send certain QUIC traffic outside the VPN tunnel, even with Android’s strongest VPN blocking settings enabled.

2026-06-02 GIGATAP Team #tools
#Android#VPN#Privacy

Source#

Source: Mullvad Blog — https://www.mullvad.net/en/blog/2026/5/12/any-app-on-recent-android-versions-can-leak-certain-traffic/

What happened#

Mullvad says a bug in recent Android versions can let any app send certain traffic outside the VPN tunnel.

The issue is tied to Android 16 and a system service called registerQuicConnectionClosePayload. According to Mullvad, a malicious app can use this path to craft traffic that bypasses the VPN. The leak can happen even when Android’s “Always-on VPN” and “Block connections without VPN” settings are enabled.

That matters because those two settings are normally treated as Android’s strongest user-facing VPN controls. “Always-on VPN” keeps a chosen VPN active. “Block connections without VPN” is meant to work like a kill switch: if the VPN is not available, traffic should not leave the device outside the tunnel.

Mullvad says this bug affects all VPN apps, not only Mullvad VPN. The reason is simple: the leak sits in Android’s system behavior, below the level where an individual VPN app can fully control it.

The original technical write-up is titled “The Tiny UDP Cannon: An Android VPN Bypass.” Mullvad says the bug was reported to the Android Security Team but closed as “Won’t Fix (Infeasible),” based on the linked report. Mullvad also says it reported the issue separately after consulting the report author, but at the time of its post the issue was marked inaccessible by Google for unknown reasons.

GrapheneOS, a security-focused Android-based operating system, patched the issue quickly, according to Mullvad.

Why the leak exists#

The vulnerable path is not a normal app network request.

Mullvad points to registerQuicConnectionClosePayload, a system service used for graceful QUIC connection shutdown. QUIC is the protocol behind HTTP/3 and many modern low-latency network flows. When a device closes a QUIC connection, the system can send a final payload to the server to signal that the connection has closed cleanly.

That feature is supposed to be routine plumbing. The problem is routing.

Mullvad says the system service does not properly check that the close payload goes through the VPN tunnel. A malicious app can therefore craft a payload that the system sends outside the VPN path. If that packet reaches the internet directly, the remote side can see the device’s real IP address rather than the VPN exit IP.

This is not the same as saying an app gets full unrestricted internet access outside the VPN. The source describes “certain traffic,” specifically tied to this QUIC close payload behavior. But for privacy, even a limited leak can matter. A single packet can expose an IP address. In some threat models, that is enough.

Why users should care#

A VPN does not only encrypt traffic. For many users, it also hides the network address assigned by an ISP, mobile carrier, workplace, hotel, or hostile local network.

If traffic escapes the tunnel, the user’s real IP address can become visible to an external server. That can support tracking, correlation, geolocation, or surveillance. The impact depends on who receives the packet, what other identifiers are present, and what the user is trying to protect against.

For ordinary users, this weakens a simple assumption: turning on Android’s strongest VPN mode does not always mean every possible packet is forced through the VPN.

For higher-risk users, the lesson is sharper. The Android VPN model still depends on operating system enforcement. A VPN app can do many things well, but it cannot reliably patch every kernel, framework, or system-service path that sits outside its control.

This is why Mullvad frames the issue as affecting all VPN apps. Switching VPN providers does not remove a bug in the OS path, unless a specific provider has found a separate mitigation inside its app. The source does not claim that.

What is known, and what not to overclaim#

Known from the source:

  • Android 16 introduced a bug that can allow VPN bypass through a QUIC-related system service.
  • A malicious app can trigger the leak path.
  • The leak can occur even with “Always-on VPN” and “Block connections without VPN” enabled.
  • The issue affects VPN apps broadly because it is in Android behavior.
  • The leaked traffic can expose the device’s real IP address.
  • Google’s Android Security Team reportedly closed the original report as “Won’t Fix (Infeasible).”
  • GrapheneOS has patched the issue, according to Mullvad.

Not established by the source:

  • That this is being exploited in the wild.
  • That all traffic can bypass the VPN.
  • That all Android versions are affected in the same way.
  • That a VPN provider can fully fix this inside a normal VPN app.
  • That every user faces the same level of risk.

Those distinctions matter. A narrow packet leak is still serious for privacy, but it is not the same as total VPN failure. The practical risk depends on installed apps, Android version, device vendor updates, and the user’s threat model.

Mitigation options#

Mullvad describes a technical mitigation using adb. It disables the QUIC graceful shutdown feature that exposes the leak path.

The commands listed by Mullvad are:

adb shell device_config put tethering close_quic_connection -1
adb reboot

This requires USB debugging and comfort with Android Debug Bridge. It is not a normal settings toggle. Mullvad says the mitigation persists across reboots, but may be undone by system updates. If that happens, the commands would need to be run again.

The tradeoff is also clear. Disabling the feature means the server-side QUIC socket may remain half-open until it times out. Mullvad says this should generally not negatively affect the Android device or apps running on it, but it also warns users to run the command only at their own risk and only if they understand the implications.

A second mitigation is to use a security-oriented Android variant that has patched the issue. Mullvad names GrapheneOS as one example. That path is not available or practical for every user, since it depends on device support and willingness to replace the stock operating system.

The most basic mitigation is also the least glamorous: do not install apps you do not trust. This bug requires an app on the device to trigger the path. That does not make the OS bug harmless, but it does make app trust part of the defense.

Practical checks#

For most users, the immediate checklist is short:

  • Check whether your device is on Android 16 or another affected recent Android build once vendor details are available.
  • Keep the OS updated, but understand that Mullvad says this specific issue was not accepted as a normal Android security fix at the time of writing.
  • Review installed apps, especially sideloaded apps or apps with unclear provenance.
  • If your threat model depends on strict VPN enforcement, consider whether the adb mitigation or a patched Android variant is appropriate.
  • Do not assume a VPN app alone can enforce every packet path when the OS provides a bypassable system service.

The core issue is not that VPNs are useless on Android. It is that Android’s VPN guarantee has edges. Some edges live in places users never see: system services, protocol helpers, and vendor update decisions.

That is where privacy controls often fail. Not in the switch the user turned on, but in the system path the switch did not cover.