- An Android 16 flaw may allow common apps to leak traffic outside of an active VPN
- Google’s Android security team refused to fix the bug
- GrapheneOS has shipped an update that disables the underlying feature
GrapheneOS, the privacy-focused alternative Android distribution, has just fixed a recently discovered flaw in Android VPN that Google decided to leave alone.
A security researcher revealed the bug last week, showing that even the best VPN apps can be undermined by the underlying operating system in some extreme circumstances. The flaw, dubbed “Tiny UDP Cannon,” affects Android 16 and can allow a regular app to leak data outside of an active VPN tunnel.
The leak works even when users have enabled Android’s strictest privacy settings, including “VPN always on” and “Block connections without VPN.” In those cases, users reasonably expect that no traffic can leave the device unless it goes through the encrypted tunnel, but this bug breaks that assumption.
That said, attackers need a malicious app already installed on your phone to exploit the vulnerability.
After the disclosure, Google’s Android security team classified the issue as “Will not be fixed (unworkable)” and decided that it would not appear in a security bulletin.
GrapheneOS, however, took a different view and shipped a patch.
How the “Tiny UDP Cannon” leaks your real IP
In his technical analysis, the researcher known as “lowlevel/Yusuf” explains that the flaw lies in a small feature of Android 16 intended to politely close certain network connections.
When an app closes a connection, it can give Android a short goodbye message to send on its behalf. The problem is that Android doesn’t check what’s in the message and doesn’t check whether the app should be blocked behind the VPN. It simply sends whatever the app provides over the regular mobile or Wi-Fi connection.
That gap, according to the researcher, is enough for a malicious app to leak your real IP address straight past the VPN. And the bar for abuse is unusually low. The app does not need any permissions that seem suspicious; it just needs the basic Internet access that almost every app on your phone already has.
The good news is that this isn’t something a random website or public Wi-Fi can do to you. An attacker would still need to install a specifically crafted app on your device first. The bad news, especially for journalists, activists and anyone who relies on Android’s VPN lockdown mode as a guarantee, is that Google has decided not to fix it.
Kudos to @GrapheneOS for shipping a fix in less than a week https://t.co/otKgCBSKl3 (May 5, 2026)
GrapheneOS presents a solution, with a small caveat
GrapheneOS responded by disabling the faulty feature entirely in release 2026050400.
This completely eliminates the attack surface, at the cost of losing the small network efficiency the feature was meant to provide.
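To make the policy gap concrete, here is a small toy model written for this article; it is not Android or GrapheneOS code, and every class and function name in it is invented. It models the "goodbye message" as a second egress path that forgets to consult the VPN routing policy, then shows the two remedies the article mentions: running the close path through the same policy check as ordinary traffic, and (the GrapheneOS approach) disabling the feature altogether.

```python
"""Constructed model of a VPN-lockdown policy gap (illustration only, not Android code)."""
from dataclasses import dataclass, field


@dataclass
class Egress:
    """Record of one datagram that actually left the device."""
    uid: int
    dst: str
    payload: bytes
    interface: str  # "vpn" or "underlying"


@dataclass
class VpnPolicy:
    """Assumed device settings: always-on VPN plus "Block connections without VPN"."""
    vpn_up: bool = True
    block_without_vpn: bool = True
    exempt_uids: set = field(default_factory=set)  # e.g. the VPN app itself


class NetStack:
    """Hypothetical network stack with a normal send path and a close-time goodbye path."""

    def __init__(self, policy, close_messages_enabled=True, check_close_path=False):
        self.policy = policy
        self.close_messages_enabled = close_messages_enabled  # GrapheneOS-style remedy: off
        self.check_close_path = check_close_path              # policy-check remedy: on
        self.log = []

    def route(self, uid, dst, payload):
        """Single egress policy: exempt apps use the raw link, everyone else uses the
        VPN when it is up, and is blocked (under lockdown) when it is down."""
        p = self.policy
        if uid in p.exempt_uids:
            self.log.append(Egress(uid, dst, payload, "underlying"))
            return "underlying"
        if p.vpn_up:
            self.log.append(Egress(uid, dst, payload, "vpn"))
            return "vpn"
        if p.block_without_vpn:
            return "blocked"
        self.log.append(Egress(uid, dst, payload, "underlying"))
        return "underlying"

    def send(self, uid, dst, payload):
        return self.route(uid, dst, payload)

    def close(self, uid, dst, goodbye=b""):
        """Close a connection, optionally sending an app-supplied goodbye datagram."""
        if not goodbye or not self.close_messages_enabled:
            return "closed"
        if self.check_close_path:
            return self.route(uid, dst, goodbye)  # fixed: same policy as send()
        # Vulnerable behaviour modelled here: the goodbye datagram is written
        # straight to the underlying interface without consulting the policy.
        self.log.append(Egress(uid, dst, goodbye, "underlying"))
        return "underlying"


def leaks_outside_vpn(stack):
    """True if any non-exempt app's bytes left on the underlying interface."""
    return any(e.interface == "underlying" and e.uid not in stack.policy.exempt_uids
               for e in stack.log)


def run_scenarios():
    """Exercise one ordinary app (constructed uid 10123) against three stack variants."""
    app_uid, vpn_uid = 10123, 10042
    results = {}
    for name, kwargs in {
        "vulnerable": {},
        "checked": {"check_close_path": True},
        "disabled": {"close_messages_enabled": False},
    }.items():
        stack = NetStack(VpnPolicy(exempt_uids={vpn_uid}), **kwargs)
        stack.send(app_uid, "203.0.113.7:4444", b"hello")        # goes via VPN in every variant
        stack.close(app_uid, "203.0.113.7:4444", goodbye=b"bye")  # only the close path differs
        results[name] = leaks_outside_vpn(stack)
    return results


if __name__ == "__main__":
    for variant, leaked in run_scenarios().items():
        print(f"{variant:>10}: leaks outside VPN = {leaked}")
```

The point the model makes is a general one: an egress policy only holds if every path that can write to the network goes through it, including rarely used ones such as a close-time message. Disabling the feature, as GrapheneOS did, is the smallest change that restores that property; applying the check on the close path would keep the feature while closing the gap.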
For stock Android users, the researcher’s article notes that the feature can be disabled manually with an ADB command, but this is not a permanent solution. The setting can be reverted by a factory reset or a future system update, and should only be considered a mitigation for the current version.
If you’re running Android 16 and relying on a VPN for strong privacy, practical options today are limited. You can apply the ADB fix above, switch to a device running GrapheneOS, or accept that the blocking settings are a little less tight than advertised until Google changes its mind.
For most users, the daily risk is modest. The attack requires a malicious app already installed on your phone, so the usual habits still apply: stick to trusted apps, review the permissions you grant, and keep your device up to date. A reputable VPN is still an important layer of protection for the vast majority of threats, even if this particular flaw shows that the lower layer doesn’t always cooperate.