So some months back, someone on Reddit found a DNS leak on Android phones that affected all the major VPN products, including ProtonVPN.
Mullvad wrote a blog post about it, and recently claimed to release a fixed version of their app, but the fix doesn’t actually work. Meanwhile ProtonVPN haven’t commented on the issue and their app is vulnerable too.
The GrapheneOS devs tried fixing it as well, but reverted the fix due to problems a while ago and haven’t commented on it since.
A workaround for the leak is to use a VPN and ALSO use a private DNS over HTTPS service; though that’s not ideal, it does prevent the leaks.
But what’s the deal, anyone know why it seems everyone is just ignoring such a major privacy issue?
I tried several times but I’m not getting any DNS leak.
I’m using a Fairphone 5 running CalyxOS, on the Firefox browser.
I have also been wondering about this.
So kill switch doesn’t help with this?
VPN devs are clueless on how to fix it. GOS just tweeted (X’d?) last night that they are still working to resolve this on the app side.
I think the issue is now fixed after my last GrapheneOS update. Can you confirm on your side?
If even GrapheneOS wasn’t able to solve this issue, it means Proton probably couldn’t. Not sure what the point of this post is.
Is Android not a major privacy issue by itself?
More seriously, if someone really cares about privacy, don’t use Android. Use Linux.
A VPN provider can’t fix the OS leaks, and even if they find a way, pretty sure Google will set another leak.
It may be fixed on Calyx. Definitely not on stock Android or GrapheneOS.
Check if you use a custom DNS server. If you do, the leak only ends up going to that, rather than your ISP. I mentioned in the OP that is a workaround.
As I said, there is a fix using custom DNS. But no one is advising that as a stopgap measure.
Mullvad claims to have fixed the problem, yet hasn’t updated their notes to admit they failed, giving users a false confidence.
Proton haven’t warned users not to trust the Android VPN until further notice, or without custom DNS.
There should at least be a warning clearly published so users in some oppressive country aren’t jailed over a simple bug.
No… If the kill switch worked, this wouldn’t be a bug.
According to the patch notes:
“prevent VPN apps from having leaks to non-VPN DNS servers while not yet strictly preventing leaks to VPN DNS outside the VPN tunnel due to multiple VPN apps including Proton VPN not connecting reliably with stricter enforcement (in a future release, we can do strict blocking by default with an opt-out toggle and a list of known incompatible apps such as Proton VPN until the compatibility issue is resolved)”
I’m going to wait until the final patch is done. Also I’m using Mullvad now instead of Proton on all my devices. Not that it fixes the problem, I just CBF installing Proton to test it until the release notes specifically say it is fully resolved and which apps are meant to work.
That Proton must know there is a bug that makes their VPN app insecure.
That there is a known workaround to mitigate it.
Yet they aren’t warning users about the risks or the mitigation.
Did you bother to read the post? GOS devs were ABLE to fix it but reverted the fix because of incompatibility issues with VPNs. The point of this post is to keep shining a light on the very serious fact that there are DNS leaks with VPNs on Android.
It also affects GrapheneOS, as I said.
What on earth are you talking about? Linux is not an alternative to Android, as it is scarcely available on the mobile platform and hardly usable; GrapheneOS and hardened Android systems are about as good as you are going to get if you wish to use a mobile.
So the issue is only partially fixed. Thanks.
I am going to do the workaround you suggested with setting up private DNS. I am thinking of Cloudflare. What do you think?
Also, could you please confirm that if I do set up Cloudflare as private DNS, when connected to the VPN, I will use the VPN DNS, and when I lose the connection, it will switch to Cloudflare? Am I correct?
Because I don’t want to use Cloudflare 100% of the time, only as a last resort.
How do you test it, btw? I am using Lineage, I can test if I know what to do?
Of course it is not an alternative - on mobile.
My point is: if privacy is a concern, don’t use Android or Android forks.
That’s all.