- An Android 16 bug could let regular apps leak traffic outside of an active VPN
- Google’s Android Security Team declined to fix the bug
- GrapheneOS has released an update that disables the underlying feature
GrapheneOS, the privacy-focused alternative Android distribution, has just fixed a newly discovered Android VPN bug that Google decided to leave behind.
A security researcher revealed the flaw last week, showing that even the best VPN apps can be undermined by the operating system underneath them in some extreme circumstances. The flaw, nicknamed “Tiny UDP Cannon,” affects Android 16 and can allow a regular app to leak data outside an active VPN tunnel.
The leak works even when users have enabled Android’s strictest privacy settings, including “Always-On VPN” and “Block connections without VPN.” In these cases, users would reasonably expect that no traffic can leave the device unless it goes through the encrypted tunnel, but this error breaks that assumption.
That said, attackers would need a malicious app already installed on your phone to take advantage of the vulnerability.
Upon publication, Google’s Android security team classified the issue as “Will not fix (infeasible)” and decided that it would not appear in a security bulletin.
However, GrapheneOS had a different view and sent a patch.
How “Tiny UDP Cannon” leaks your real IP
In his technical analysis, the researcher who goes by “lowlevel/Yusuf” explains that the flaw resides in a small Android 16 feature meant to politely close certain network connections.
When an app closes a connection, it can give Android a short goodbye message to send on its behalf. The problem is that Android doesn’t check what’s in the message, and it doesn’t check if the app should be locked behind the VPN. It simply sends whatever the app gives it over the regular Wi-Fi or cellular connection.
According to the researcher, that hole is enough for a malicious app to leak your real IP address right past the VPN. And the bar for abuse is exceptionally low. The app doesn’t need any suspicious-looking permissions; it only needs the basic internet access that almost every app on your phone already has.
The good news is that this isn’t something a random website or public Wi-Fi network can do to you. An attacker still needs to have a specially crafted app on your device first. The bad news, especially for journalists, activists and anyone who relies on Android’s lockdown mode as a hard guarantee, is that Google has decided not to fix it.
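One way to check a lockdown setup rather than trust it is to capture the phone’s traffic from upstream (a router or a mirrored access-point port, where the device cannot hide anything) and confirm that nothing leaves except packets to the VPN endpoint. The script below is an added example, not code from the article or the researcher; the tcpdump-style lines, the phone address and the VPN endpoint are constructed.

```python
import re

# Constructed tcpdump-style lines as seen from a router upstream of the phone (not a real capture).
# 192.0.2.10 is the phone; 198.51.100.5:51820 is the VPN server the tunnel talks to.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.0.2.10.51820 > 198.51.100.5.51820: UDP, length 148
12:00:01.100002 IP 192.0.2.10.51820 > 198.51.100.5.51820: UDP, length 92
12:00:02.000003 IP 192.0.2.10.40111 > 203.0.113.77.443: UDP, length 1
12:00:02.500004 IP 192.0.2.10.40112 > 203.0.113.77.443: Flags [S], seq 1, win 65535, length 0
12:00:03.000005 IP 198.51.100.5.51820 > 192.0.2.10.51820: UDP, length 120
"""

# Matches "<ts> IP <src>.<sport> > <dst>.<dport>: <rest>" for IPv4 tcpdump output.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def find_leaks(capture, phone_ip, vpn_endpoint):
    """Return (ts, dst, dport, proto, length) for every packet the phone sent to
    anything other than the VPN endpoint. With lockdown enabled the expected
    result is an empty list; a single tiny UDP datagram is already a leak."""
    leaks = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or m["src"] != phone_ip:
            continue  # not a packet originated by the phone
        if (m["dst"], int(m["dport"])) == vpn_endpoint:
            continue  # tunnel traffic is the only thing allowed out
        rest = m["rest"]
        proto = "UDP" if rest.startswith("UDP") else ("TCP" if "Flags" in rest else "other")
        length = int(re.search(r"length (\d+)", rest).group(1))
        leaks.append((m["ts"], m["dst"], int(m["dport"]), proto, length))
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_CAPTURE, "192.0.2.10", ("198.51.100.5", 51820)):
        print("LEAK outside VPN:", leak)
```

Run it against a real capture (`tcpdump -nn -i <upstream iface> host <phone ip>`) with lockdown enabled and a test app installed; any printed line is traffic that bypassed the tunnel.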
GrapheneOS ships a fix with a small warning
GrapheneOS responded by disabling the faulty feature entirely in release 2026050400.
That completely removes the attack surface, at the cost of losing the small network efficiency the feature was intended to provide.
kudos to @GrapheneOS for sending a fix in less than a week https://t.co/otKgCBSKl3 (5 May 2026)
For users on stock Android, the researcher’s write-up notes that the feature can be turned off manually with an ADB command, but this is not a permanent fix. The setting can be reverted by a factory reset or a future system update, so it should be treated as a temporary workaround for the current release rather than a patch.
If you’re running stock Android 16 and rely on a VPN for serious privacy, the practical options today are limited. You can use the ADB workaround above, switch to a device running GrapheneOS, or accept that the lockdown setting is a little less airtight than advertised until Google changes its mind.
For most users, the daily risk is modest. The attack needs a malicious app already installed on your phone, so the usual habits still apply: stick to reputable apps, review what permissions you give, and keep your device updated. A reputable VPN remains a meaningful layer of protection for the vast majority of threats, although this particular bug shows that the layer underneath isn’t always cooperating.