GrapheneOS v2024050900: Preliminary Fix for VPN DNS Traffic Leaks

GrapheneOS is an open-source, privacy and security-focused mobile operating system based on the Android Open Source Project (AOSP).

The release notes state: "This is a preliminary defense against this issue and more research is required, along with apps preventing the leaks on their end or they'll still have leaks outside of GrapheneOS."

Identified scenarios where the Android OS can leak DNS traffic:

  • If a VPN is active without any DNS server configured.
  • For a short period of time while a VPN app is reconfiguring the tunnel, is being force-stopped, or crashes.

"Depending on your threat model this might mean that you should avoid using Android altogether for anything sensitive, or employ other mitigations to prevent the leaks. We aim to partially mitigate these problems in our app, so make sure to keep the app up-to-date," said Mullvad VPN, whose user discovered the issue on April 22.

What's new

Changes since the 2024050700 release:

  • prevent app-based VPN implementations from leaking DNS requests when the VPN is down/connecting
  • exclude Settings app from visible Location indicator too since it gets triggered from accessing Wi-Fi data when enabling Wi-Fi hotspot and potentially other info tied to Wi-Fi and Bluetooth
  • Vanadium: update to version 125.0.6422.35.0
  • PDF Viewer: update to version 19

Changes since the 2024050300 release:

  • full 2024-05-05 security patch level
  • rebased onto AP1A.240505.005 Android Open Source Project release
  • update our backports of mainline APEX Health Fitness patches
  • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.213
  • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.151
  • TalkBack (screen reader): update dependencies
  • Vanadium: update to version 124.0.6367.159.0
  • PDF Viewer: update to version 18
