An Android VPN bypass affecting all Android 16 devices can leak your real IP address even when “Always-On VPN” and “Block connections without VPN” are both enabled—the strongest protections Android offers. Google’s Android Security Team declined to fix it, marking it “Won’t Fix (Infeasible).” GrapheneOS patched the vulnerability within days of disclosure.
Key Takeaways
- Android 16’s new QUIC connection teardown feature creates a VPN bypass that leaks real IP addresses regardless of VPN lockdown settings.
- Google classified the flaw as infeasible to fix and refused to patch it in stock Android.
- GrapheneOS released a fix in update 2026050400 by disabling the vulnerable optimization on supported Pixel devices.
- The vulnerability was demonstrated on a Pixel 8 running Android 16 with Proton VPN and lockdown mode both active.
- Multiple VPN providers including Mullvad, WireGuard, and Proton VPN are affected on stock Android 16.
How the Android VPN bypass works
The flaw stems from a newly introduced QUIC connection teardown feature in Android’s networking stack. When an app’s UDP socket is destroyed, Android’s privileged system_server process transmits a stored QUIC CONNECTION_CLOSE payload directly over the physical network interface, completely bypassing the VPN. The system_server process has elevated networking privileges that exempt it from VPN routing rules, creating a direct path to leak traffic.
Security researcher “lowlevel/Yusuf” demonstrated the vulnerability on a Pixel 8 running Android 16 with Proton VPN and Android’s lockdown mode enabled—both maximum-strength protections. The real public IP address leaked to a remote server anyway. The root cause is architectural: the QUIC feature accepts arbitrary payloads without validating whether they are legitimate CONNECTION_CLOSE frames or whether the originating app is VPN-restricted.
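The validation gap described above, as an added educational illustration that is not Android's code and not the GrapheneOS fix: the function names, the RegisteredConnection record and the sample bytes are assumptions. It shows that a close payload can at most be bound to its connection by the invariant header fields (fixed bit, version, destination connection ID), because the CONNECTION_CLOSE frame itself lives in the encrypted part of the packet and cannot be checked by a process that does not hold the session keys.

```python
# Added illustration, not Android's code: names and sample bytes are assumed.
import os
import struct
from dataclasses import dataclass

QUIC_V1 = 0x00000001
MAX_CID_LEN = 20  # RFC 9000 caps connection IDs at 20 bytes


@dataclass
class RegisteredConnection:
    """What a validator would need to know about the socket's QUIC session."""
    peer_cid: bytes  # DCID the local endpoint must put on packets it sends


def parse_quic_header(pkt: bytes):
    """Return ('long', version, dcid), ('short', None, None), or None if the
    bytes cannot be a QUIC v1 packet. Only the invariant header fields
    (RFC 8999) are inspected; everything after them is encrypted."""
    if len(pkt) < 2 or not (pkt[0] & 0x40):  # fixed bit must be set
        return None
    if pkt[0] & 0x80:                         # long header form
        if len(pkt) < 6:
            return None
        version = struct.unpack('>I', pkt[1:5])[0]
        dcid_len = pkt[5]
        if dcid_len > MAX_CID_LEN or len(pkt) < 6 + dcid_len:
            return None
        return ('long', version, pkt[6:6 + dcid_len])
    return ('short', None, None)              # DCID length is implicit


def close_payload_is_bound(pkt: bytes, conn: RegisteredConnection) -> bool:
    """Accept a close payload only if its header binds it to the registered
    connection. The CONNECTION_CLOSE frame itself sits inside the protected
    payload, so the frame type cannot be checked without the packet keys."""
    hdr = parse_quic_header(pkt)
    if hdr is None:
        return False
    form, version, dcid = hdr
    if form == 'long':
        return version == QUIC_V1 and dcid == conn.peer_cid
    n = len(conn.peer_cid)  # short header: DCID directly follows the first byte
    return len(pkt) > 1 + n and pkt[1:1 + n] == conn.peer_cid


def build_short_header_packet(dcid: bytes, body_len: int = 32) -> bytes:
    """Constructed sample 1-RTT packet: fixed bit, DCID, then random bytes
    standing in for the protected packet number and ciphertext."""
    return bytes([0x40]) + dcid + os.urandom(body_len)
```

Note that any byte string whose first byte has bit 0x40 set (every uppercase ASCII letter, for instance) passes the fixed-bit test alone, so binding to the connection ID is the part that actually rejects arbitrary data.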
Why Google refused to patch the Android VPN bypass
Google’s response to the disclosure was unambiguous: “Won’t Fix (Infeasible).” This classification suggests Google views the vulnerability as too deeply embedded in Android 16’s QUIC implementation to address without major architectural changes. The decision leaves millions of Android 16 users vulnerable, even those who believe they have maximum VPN protection enabled.
The refusal is particularly striking because the flaw affects core privacy infrastructure. Users who enable both “Always-On VPN” and “Block connections without VPN” expect their traffic to be protected unconditionally. That expectation is now broken, and Google has declined to restore it.
GrapheneOS patches what Google won’t
GrapheneOS released update 2026050400, which disables the “registerQuicConnectionClosePayload optimization” on supported Pixel devices. The update also includes the full May 2026 Android security patch level, hardened_malloc improvements, Linux kernel updates across multiple branches (6.1, 6.6, 6.12), and a backported fix for CVE-2026-33636 in libpng.
This response highlights a fundamental difference between GrapheneOS and stock Android. While Google treats the vulnerability as infeasible to fix, GrapheneOS identified the problematic optimization and disabled it. The fix was deployed within days of disclosure, not months. GrapheneOS has also previously blocked five known outbound VPN leaks and continues work on remaining VPN vulnerabilities, according to its published feature documentation.
The broader privacy risk
The vulnerability matters beyond the technical flaw itself. Mullvad VPN version 2025.6 temporarily disabled GrapheneOS anti-leak features, exposing traffic even after the initial patch. The leak was reproduced on stock Android 16 with Mullvad, WireGuard, and Proton VPN, meaning the problem affects users of multiple major VPN providers, not just one.
For privacy-conscious users, this exposes a critical gap: even maximum VPN settings in stock Android 16 cannot guarantee traffic protection. Apps auto-connect, logs persist, and now a system-level process can bypass VPN entirely. Users relying on Android’s built-in VPN lockdown for security have been given a false sense of protection.
Is GrapheneOS the only solution?
For Pixel device owners, GrapheneOS offers the only currently available fix. Stock Android 16 remains vulnerable, and Google has shown no signs of reversing its “Won’t Fix” decision. Other Android forks and custom ROMs may or may not address the issue, but GrapheneOS has demonstrated both the technical capability and the willingness to patch vulnerabilities Google ignores.
The larger question is whether users should trust stock Android’s privacy claims. When Google declines to fix a vulnerability that directly undermines its own VPN protections, the answer becomes difficult to ignore.
Can I use a third-party VPN to work around this?
A third-party VPN app running on stock Android 16 cannot protect you from this vulnerability because the flaw exists at the operating system level. The system_server process has privileges that bypass VPN routing entirely, regardless of which VPN app you use. The only mitigation is either switching to GrapheneOS or accepting the risk on stock Android 16.
Does this affect Android versions before 16?
The vulnerability is specific to Android 16 because the QUIC connection teardown feature was newly introduced in that version. Older Android versions do not have this particular attack vector, though they may have other VPN leaks that GrapheneOS has previously patched.
Will Google eventually fix this?
Google’s “Won’t Fix (Infeasible)” classification suggests the company does not plan to address it in the foreseeable future. Changing this decision would require Google to either redesign the QUIC implementation or grant system_server different networking privileges—both major architectural changes that Google apparently views as impractical. Users waiting for a Google patch should not hold their breath.
This Android VPN bypass is a reminder that privacy on Android depends on more than enabling the right toggles. It depends on whether the company controlling the OS actually prioritizes fixing the vulnerabilities that undermine those toggles. GrapheneOS’s rapid response proves the flaw was fixable; Google’s refusal proves the company chose not to.
This article was written with AI assistance and editorially reviewed.
Source: TechRadar