Status Update
Comments
vi...@google.com <vi...@google.com> #2
We’ve shared this with our product and engineering teams and will continue to provide updates as more information becomes available.
sa...@google.com <sa...@google.com>
al...@mullvad.net <al...@mullvad.net> #3
The main reason it's important to update the documentation is due to the potential user privacy impact. For that reason, a
al...@mullvad.net <al...@mullvad.net> #4
Additional behavior not covered by the lockdown documentation:
- NTP traffic seems to leak outside the VPN app/tunnel in some scenarios, e.g. before unlocking the device the first time after boot.
- Incoming traffic is allowed to any app.
Assuming this is intended behavior, it should be addressed by updating the documentation. Here's a suggestion on how it can be covered:
A person using the device (or an IT admin) can force all* traffic to use the VPN. The system blocks any* network traffic that doesn't use the VPN. People using the device can find the Block connections without VPN switch in the VPN options panel in Settings.
*exempt traffic:
- Connectivity checks
- Network provided time
- Incoming traffic
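One way to audit a capture taken on the physical link against the three exempt categories listed in comment #4. This is an added example, not part of the thread or of Android's code; the flow-record fields, the addresses, the VPN port and the connectivity-check hostnames are assumptions.

```python
from collections import Counter

# Constructed sample values (documentation address ranges), not from the thread.
DEVICE = "192.0.2.10"
VPN_ENDPOINT = ("198.51.100.7", "udp", 51820)
# Assumption: names the device probes for connectivity checks; adjust per build.
CHECK_HOSTS = {"connectivitycheck.gstatic.com", "www.google.com"}


def classify(flow):
    """Label one flow record captured on the physical link, outside the tunnel."""
    if flow["initiator"] != DEVICE:
        return "incoming"                      # connection opened toward the device
    if (flow["responder"], flow["proto"], flow["port"]) == VPN_ENDPOINT:
        return "tunnel"                        # the encrypted VPN transport itself
    if flow["proto"] == "udp" and flow["port"] == 123:
        return "network-time"                  # NTP sent outside the tunnel
    # DNS lookups and HTTP(S) probes for the check hosts both count as checks.
    if flow.get("name") in CHECK_HOSTS and flow["port"] in (53, 80, 443):
        return "connectivity-check"
    return "unexpected"                        # not on the exempt list at all


def audit(flows):
    """Return per-category counts and the flows that match no exemption."""
    labels = [classify(f) for f in flows]
    unexpected = [f for f, lab in zip(flows, labels) if lab == "unexpected"]
    return Counter(labels), unexpected


def _flow(initiator, responder, proto, port, name=None):
    return {"initiator": initiator, "responder": responder,
            "proto": proto, "port": port, "name": name}


# Constructed flow records for a device with lockdown enabled.
SAMPLE = [
    _flow(DEVICE, "198.51.100.7", "udp", 51820),
    _flow(DEVICE, "203.0.113.53", "udp", 53, "connectivitycheck.gstatic.com"),
    _flow(DEVICE, "203.0.113.80", "tcp", 80, "connectivitycheck.gstatic.com"),
    _flow(DEVICE, "203.0.113.123", "udp", 123),
    _flow("192.0.2.20", DEVICE, "tcp", 8080),
    _flow(DEVICE, "203.0.113.99", "tcp", 443, "example.org"),
]

if __name__ == "__main__":
    counts, unexpected = audit(SAMPLE)
    print(dict(counts))
    print("unexpected:", unexpected)
```

Matching on the observed name is a heuristic: ordinary app traffic to one of the check hosts would be counted as a connectivity check.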
al...@mullvad.net <al...@mullvad.net> #5
da...@gmail.com <da...@gmail.com> #6
Incoming traffic beyond the baseline low-level networking and VPN is blocked for Android 13. That was an issue with Android 12 and below, which was resolved.
mo...@gmail.com <mo...@gmail.com> #7
Know
Description
The documentation regarding "Block connections without VPN" (from now on lockdown) is incorrect, as connectivity check traffic intentionally leaks (sent outside the VPN tunnel) while establishing network connectivity, even though lockdown is activated for a VPN app.
Current documentation:
Suggested documentation: