- Android 16 flaw can allow regular apps to leak traffic outside of an active VPN
- Google’s Android security team refused to fix the bug
- GrapheneOS delivered an update that disables the underlying functionality
GrapheneOS, the privacy-focused alternative Android distribution, just patched a recently discovered Android VPN flaw that Google decided to leave alone.
A security researcher revealed the bug last week, showing that even the best VPN apps can be undermined by the operating system beneath them in certain narrow circumstances. The flaw, dubbed “Tiny UDP Cannon,” affects Android 16 and can allow a regular app to send data outside of an active VPN tunnel.
The leak works even when users have enabled Android’s strictest privacy settings, including “VPN always on” and “Block connections without VPN.” With those settings, users reasonably expect that no traffic can leave the device unless it goes through the encrypted tunnel, but this bug breaks that assumption.
That said, attackers need a malicious app already installed on your phone to take advantage of this vulnerability.
After the disclosure, Google’s Android security team classified the issue as “will not be fixed (unworkable)” and decided that it would not appear in a security bulletin.
GrapheneOS, however, took a different view and released a patch.
How the “Tiny UDP Cannon” Leaks Your Real IP Address
In his technical analysis, the researcher called “lowlevel/Yusuf” explains that the flaw lies in a small feature of Android 16 intended to politely close certain network connections.
When an app closes a connection, it can hand Android a short final message to transmit on its behalf. The problem is that Android neither inspects the content of that message nor checks whether the app’s traffic is supposed to be confined to the VPN. It simply sends whatever the app supplied over the underlying Wi-Fi or mobile connection, bypassing the tunnel.
According to the researcher, this gap is enough for a malicious app to leak your real IP address directly beyond the VPN. And the bar for abuse is unusually low. The app doesn’t need any suspicious permissions; it only needs the basic internet access that almost every app on your phone already has.
The good news is that this isn’t something a random website or public Wi-Fi network can do to you. An attacker will first need to install a specially crafted application on your device. The bad news, especially for journalists, activists, and anyone else who relies on Android’s lock mode as an absolute guarantee, is that Google has decided not to fix it.
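A practitioner who wants to verify a leak, rather than take the bulletin’s word for it, needs a server they control that records where each incoming datagram comes from: a packet that arrives from the VPN provider’s egress address went through the tunnel, while one arriving from the device’s real mobile or Wi-Fi address did not. The listener below is an added example written for this article, not code from the researcher or from GrapheneOS. It assumes you know your VPN’s egress IP address(es) and can send a small UDP datagram from the device under test to the listener’s port; the probe sender and the self-contained loopback run are stand-ins for the device side and do not reproduce the Android-specific trigger, which this page does not detail.

```python
import socket
import threading


def classify_source(src_ip: str, vpn_egress_ips) -> str:
    """A datagram that arrives from anything other than a known VPN egress
    address left the device outside the tunnel, whatever the lockdown
    settings claim."""
    return "via_vpn" if src_ip in set(vpn_egress_ips) else "LEAK"


def collect_datagrams(bind_host: str, vpn_egress_ips, count: int, timeout: float = 5.0):
    """Bind a UDP socket on an ephemeral port and classify `count` datagrams
    by their source address in a background thread.

    Returns (port, results, thread). `results` is filled in as datagrams
    arrive; join the thread (or wait for the timeout) before reading it.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_host, 0))          # port 0: let the OS pick a free port
    sock.settimeout(timeout)
    port = sock.getsockname()[1]
    results = []

    def loop():
        try:
            for _ in range(count):
                payload, (src_ip, src_port) = sock.recvfrom(2048)
                results.append({
                    "src": f"{src_ip}:{src_port}",
                    "len": len(payload),
                    "verdict": classify_source(src_ip, vpn_egress_ips),
                })
        except socket.timeout:
            pass                        # fewer probes than expected; report what we saw
        finally:
            sock.close()

    thread = threading.Thread(target=loop, daemon=True)
    thread.start()
    return port, results, thread


def send_probe(host: str, port: int, payload: bytes = b"tiny-udp-probe") -> None:
    """Stand-in for the device side: one small datagram, the size and shape of
    the 'goodbye' message the article describes. On a real test this is sent
    from the phone; here it is an ordinary socket send."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, port))


def loopback_demo(vpn_egress_ips):
    """Self-contained run over 127.0.0.1 so the example works offline: the
    'device' and the 'server' are the same host, and the verdict depends only
    on whether 127.0.0.1 is listed as a VPN egress address (constructed input)."""
    port, results, thread = collect_datagrams("127.0.0.1", vpn_egress_ips, count=1)
    send_probe("127.0.0.1", port)
    thread.join(timeout=6.0)
    return results


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges (RFC 5737); replace
    # with your provider's real egress IP(s) when testing a phone.
    print("expected via_vpn:", loopback_demo(["127.0.0.1"]))
    print("expected LEAK:   ", loopback_demo(["198.51.100.1"]))
```

Run the listener on an internet-reachable host with the real egress list, bind it on `0.0.0.0`, then trigger whatever path you are testing from the phone. Any `LEAK` verdict is a datagram that left on the underlying interface; a verdict of `via_vpn` for every probe is what the lockdown settings promise.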
GrapheneOS provides a fix, with a small caveat
GrapheneOS responded by disabling the faulty functionality entirely in version 2026050400.
This removes the attack surface entirely, at the cost of the small network-efficiency gain the feature was meant to provide.
Tweet, May 5, 2026: “kudos to @GrapheneOS for shipping a patch in less than a week” https://t.co/otKgCBSKl3
For stock Android users, the researcher’s write-up states that the feature can be disabled manually with an ADB command, but this is not a permanent solution. The setting may be reverted by a factory reset or a future system update, and should be considered only a mitigation for the current OS build, to be re-checked after every update.
If you’re running Android 16 and relying on a VPN for privacy, your practical options are limited today. You can apply the ADB workaround above, switch to a device running GrapheneOS, or accept that the lockdown setting is slightly less tight than advertised until Google changes its mind.
For most users, the daily risk is modest. The attack requires a malicious app already installed on your phone, so the usual habits still apply: stick to reputable apps, check the permissions you grant, and keep your device updated. A reputable VPN remains a significant layer of protection for the vast majority of threats, although this particular flaw shows that the layer underneath doesn’t always cooperate.