Android 16 VPN Bypass Exposes User IP Lets Malicious
A recently disclosed vulnerability in Android 16 has ignited significant privacy concerns. Researchers found that malicious applications can exploit this flaw to bypass VPN protections, thereby exposing a user’s real IP address, even when strict security settings are active.
The vulnerability, dubbed the “Tiny UDP Cannon,” allows any regular Android app with basic permissions to leak network traffic outside the VPN tunnel.
This bypass works even when users enable “Always-On VPN” and “Block connections without VPN,” two features designed to enforce complete traffic protection.
Android 16 VPN Bypass
At the core of the issue is a design flaw in Android’s ConnectivityManager service.
Instead of sending network traffic directly, a malicious app can register a payload with the system process (system_server), which operates with elevated privileges and is not bound by VPN routing rules.
Once the app exits or its socket is destroyed, system_server sends the attacker-controlled data over the device’s physical network interface, such as Wi-Fi, completely bypassing the VPN.
This behavior stems from the registerQuicConnectionClosePayload method, which lacks:
- Permission checks.
- Payload validation.
- Awareness of VPN lockdown policies.
As a result, even apps with only auto-granted permissions, such as INTERNET and ACCESS_NETWORK_STATE, can exploit this mechanism.
The vulnerability effectively breaks Android’s VPN trust model. Attackers can:
- Reveal a user’s real public IP address.
- Exfiltrate data outside encrypted VPN tunnels.
- Track users despite privacy protections.
The issue was successfully tested on a Pixel 8 running Android 16 with Proton VPN enabled and lockdown mode active.
Indicators of Compromise (IOCs)
Below are key indicators associated with exploitation:
- Network Activity: Unauthorized UDP packets sent outside the VPN tunnel.
- Source IP: Device’s real Wi-Fi IP (e.g., 192.168.x.x).
- Destination: Attacker-controlled server and port (e.g., port 3131).
- Payload Pattern: Arbitrary or tagged data such as EXFIL{src=IP}.
- Permissions Used: INTERNET, ACCESS_NETWORK_STATE.
- System Component: system_server (UID 1000) initiating traffic.
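As an added example (not from the article or the researchers), the following Python script applies these indicators to constructed flow records in an assumed key=value line format: it flags flows that leave on the physical interface while lockdown should force everything through tun0, and adds weight when the flow originates from system_server (UID 1000) or carries the EXFIL{src=IP} tag. The interface names, the VPN client's UID and the record format are assumptions.

```python
import re
from ipaddress import ip_address, ip_network
# Constructed sample flow records in an assumed key=value format (not a real Android log).
# Under "Block connections without VPN" only the VPN app should send on wlan0; lines 3-4 model the leak.
SAMPLE_FLOWS = """\
iface=tun0 proto=udp uid=10123 src=10.8.0.2:51000 dst=203.0.113.5:443 payload=
iface=wlan0 proto=udp uid=10200 src=192.168.1.23:50000 dst=203.0.113.1:51820 payload=
iface=wlan0 proto=udp uid=1000 src=192.168.1.23:40212 dst=198.51.100.7:3131 payload=EXFIL{src=192.168.1.23}
iface=wlan0 proto=udp uid=1000 src=192.168.1.23:40213 dst=198.51.100.7:3131 payload=deadbeef
iface=wlan0 proto=udp uid=1000 src=192.168.1.23:68 dst=192.168.1.1:67 payload=
"""
VPN_APP_UIDS = {10200}      # assumed UID of the installed VPN client (allowed to bypass)
SYSTEM_SERVER_UID = 1000    # system_server, the component named in the IOCs
LAN_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXFIL_TAG = re.compile(r"EXFIL\{src=([0-9.]+)\}")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_flow(line):
    """Turn one key=value record into a dict; ports are stripped from src/dst."""
    rec = dict(FIELD.findall(line))
    for key in ("src", "dst"):
        rec[key] = rec[key].rpartition(":")[0]
    rec["uid"] = int(rec["uid"])
    return rec

def classify(rec):
    """Return the reasons this flow looks like a VPN leak (empty list = benign)."""
    if rec["iface"].startswith("tun"):
        return []                       # inside the tunnel: the expected path
    if rec["uid"] in VPN_APP_UIDS:
        return []                       # the VPN client's own encrypted transport
    if any(ip_address(rec["dst"]) in net for net in LAN_NETS):
        return []                       # local traffic such as DHCP to the gateway
    reasons = [f"{rec['proto']} traffic on {rec['iface']} outside the VPN tunnel"]
    if rec["uid"] == SYSTEM_SERVER_UID:
        reasons.append("originated by system_server (uid 1000)")
    m = EXFIL_TAG.search(rec.get("payload", ""))
    if m:
        reasons.append(f"payload tagged with leaked source IP {m.group(1)}")
    return reasons

def find_leaks(text):
    """Scan flow records; return (line_number, reasons) for each suspicious flow."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        reasons = classify(parse_flow(line)) if line.strip() else []
        if reasons:
            hits.append((n, reasons))
    return hits
```

Running find_leaks(SAMPLE_FLOWS) reports only the two system_server flows to the outside host; the tunnel flow, the VPN client's own transport and the DHCP exchange are left alone.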
The issue was reported to Google’s Android Vulnerability Reward Program (VRP) in April 2026.
However, the Android Security Team classified it as “Won’t Fix (Infeasible),” stating that it does not meet the criteria for inclusion in a security bulletin.
Despite this, researchers argue that the flaw poses significant privacy risks, especially for users who rely on VPNs for anonymity.
A temporary mitigation exists via an ADB command that turns off the vulnerable QUIC feature:
- adb shell device_config put tethering close_quic_connection -1
After rebooting, the system stops sending the registered payloads, effectively blocking the leak.
However, this is not a permanent fix and may be removed in future updates.
Researchers at lowlevel.fun warned that system-level exemptions can unintentionally bypass key mobile security protections.
As VPN usage continues to grow, such bypasses could become a critical attack vector for surveillance and data leakage.
Users and security teams are advised to monitor unusual network activity and apply mitigations where possible until an official fix is introduced.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.