Any app on recent Android versions can leak certain traffic
Summary
A vulnerability in Android 16 allows apps to leak traffic outside the VPN tunnel, potentially exposing the device's real IP address. The post discusses how the leak occurs, reports to the Android Security Team, and provides a mitigation using Android Debug Bridge commands; GrapheneOS patched the issue, and it advises caution with untrusted apps.