DigiNews

Tech Watch by Johan Denoyer


The Tiny UDP Cannon: An Android VPN Bypass

Quality: 8/10 Relevance: 9/10

Summary

A security researcher reveals a vulnerability in Android 16 that allows an app to leak the device's real IP address even when Always-On VPN with lockdown is enabled. The exploit abuses a hidden QUIC connection-close mechanism and system_server to exfiltrate data over the non-VPN path, bypassing VPN routing. Android's response labeled the issue Won't Fix (Infeasible), with a mitigation path involving a device_config flag that disables the feature, albeit with drawbacks.
