Android has a critical vulnerability where DNS traffic can leak while switching VPN servers, potentially exposing user internet activity to cybercriminals. The issue affects various Android versions, including Android 14, and was first reported on Reddit and later confirmed by Mullvad VPN. The problem occurs when DNS queries leak while toggling VPN connections, despite having the 'Block connections without VPN' setting on
The leaks happen during VPN reconfiguration, crashes, and involve the C function getaddrinfo, affecting applications like Chrome. Mullvad VPN plans a temporary workaround by setting a bogus DNS server to prevent leaks until Android OS fixes the issue. This shows the need for constant security awareness and quick responses in the digital security realm, advising Android users to keep their VPN apps updated, monitor service provider updates, and stay informed about security vulnerabilities and their mitigation. Google is expected to address this by updating the Android OS to prevent future privacy breaches. ```https://cybersecuritynews.com/android-bug-leaks-dns-traffic/