PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-07-02 15:56:25 -04:00
Code

Android VPN Leakage (#68)

Browse Source 
* Android VPN Leakage
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-10-10 16:16:33 -04:00 committed by GitHub
parent 4470867738
commit b05cf50ad0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/os/Android Tips.md
View File

@ -81,6 +81,8 @@ Multiple user profiles can be found in **Settings** → **System** → **Multipl
With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation.
Note that there is currently a [VPN leakage with secondary user profiles](/os/android-vpn-leakage-with-secondary-user-profiles/).
## Work Profile
[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.

29
content/os/Android VPN Leakage with Secondary User Profiles.md Normal file
View File

@ -0,0 +1,29 @@
---
title: "Android VPN Leakage with Secondary User Profiles"
date: 2022-10-10
tags: ['Operating Systems', 'Android', 'Privacy']
author: Tommy
---
**Before We Start**...
I have been aware of this issue for awhile now (since at least Android 11), though I have not done enough testing to see what actually causes the leak nor do I have any workaround at the moment. My guess is that applications which launch early when you log into a secondary profile can bypass the VPN killswitch.
I have reported it on [Google's issue tracker](https://issuetracker.google.com/issues/252851265).
## The Leak
You can reproduce the leak by doing the following:
1. Create a new user profile (you need to create a secondary user pfofile for this, as it is not reproducible on your owner profile or a work profile). Do not log into your Google account at this stage.
2. Sideload a VPN app. The leak happens with every VPN provider I have tried (since it is likely a platform issue), though if you do not have a VPN subscription I would recommend getting a free one with [ProtonVPN](https://protonvpn.com).
3. Setup the VPN and the [Android VPN killswitch](/os/android-tips/#enable-vpn-killswitch).
4. Log into your Google account through Play Services.
5. Restart the phone. Open the secondary user profile again.
6. Go to Google's [My Devices](https://myaccount.google.com/device-activity) page. Observe that one of the sessions for your phone has your actual location obtained with GeoIP. In some cases, your actual IP address will be shown there as well.
## Notes
1. It is unlikely that this is caused by Play Services being privileged applications. This issue is reproducible on GrapheneOS with the Sandboxed Play Services (which runs as a normal, unprivileged application) as well.
2. More testing is needed to find the root cause of the problem. I do not think that this is Play Services specific. Unfortunately, I do not have access to a router to do a packet capture right now. I would appreciate it if someone can help me get to the bottom of this. You can find my contact information [here](https://tommytran.io/contact/).