GrapheneOS fixes Android VPN leak Google refused to patch

May 9, 2026 · 1 min read · Hacker News

📌 This article contains affiliate links. If you buy through these links, we may earn a small commission at no extra cost to you. Learn more

GrapheneOS has released a new update that fixes a recently disclosed Android VPN bypass vulnerability capable of leaking a user’s real IP address.

The leak happens even when Android’s “Always-On VPN” and “Block connections without VPN” protections were enabled.

The issue, disclosed last week by security researcher “lowlevel/Yusuf,” affected Android 16 and stemmed from a newly introduced QUIC connection teardown feature in Android’s networking stack.

➡️ Read the full article at Hacker News

This excerpt is provided for informational purposes with a link to the original source. All rights belong to the original publisher.

Affiliate Link

🛒

In the Plex: How Google Thinks by Steven LevyView on Amazon →

As an Amazon Associate, we earn from qualifying purchases at no extra cost to you.

ai-dev