| author | Albin <albin@mullvad.net> | 2022-10-04 14:52:33 +0200 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2022-10-04 14:52:33 +0200 |
| commit | 241d373967ebb1fc57431945843cf9421bf3e436 (patch) | |
| tree | a98261e1d374e226353876458a8df0a9b58b0ace | |
| parent | 043050584c511416837db38d25ce12e59084ff4d (diff) | |
| parent | c078c907b6f14959b1924741b0e5781c20562f9f (diff) | |
| download | mullvadvpn-241d373967ebb1fc57431945843cf9421bf3e436.tar.xz mullvadvpn-241d373967ebb1fc57431945843cf9421bf3e436.zip | |
Merge branch 'document-android-leaks'
| -rw-r--r-- | docs/security.md | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/docs/security.md b/docs/security.md index 01e0c2d1b1..b26e2bf860 100644 --- a/docs/security.md +++ b/docs/security.md 
@@ -25,16 +25,30 @@ secure as possible with the limitations of the OS APIs. ### Android On Android, the only way an app can filter network traffic is essentially via the VPN service API. -This API allows all traffic to and from the phone to flow though a third party app. This API is of -course what the app uses for the tunnel itself as well, but apart from that it is also what the -leak protection is built on. +This API allows all traffic, except some [exempt by the system](#exempt-traffic), to and from the +phone to flow though a third party app. This API is of course what the app uses for the tunnel +itself as well, but apart from that it is also what the leak protection is built on. An app with permission to act as a VPN service can request to open a VPN tunnel on the device and provide a set of IP networks it would like to have routed via itself. Doing so and specifying -the routes `0/0` and `::0/0` forces all traffic to go via the app. That is what this app does both -when it has a VPN tunnel up, but also when in a state where it would like to block all network -traffic. Such as the [connecting], [disconnecting] and [error] states. In these states, all outgoing -packets are simply dropped, but incoming traffic is still allowed due to the limitations of Android. +the routes `0/0` and `::0/0` forces all traffic, except some +[exempt by the system](#exempt-traffic), to go via the app. That is what this app does both when it +has a VPN tunnel up, but also when in a state where it would like to block all network traffic. Such +as the [connecting], [disconnecting] and [error] states. In these states, all outgoing packets are +simply dropped, but incoming traffic is still allowed due to the limitations of Android. + +#### Exempt traffic + +Even though not being properly documented by Google, some traffic is exempt by the system from using +the VPN, which means that the traffic will leak and therefore potentially impact user privacy. 
This +applies even if *Block connections without VPN* is enabled. The exempt traffic includes: +* Connectivity checks (DNS lookups and HTTP(S) connections) +* Network provided time (NTP) + +The following issues have been reported by Mullvad in the Android issue tracker in order to improve +documentation and user privacy: +* [Incorrect VPN lockdown documentation](https://issuetracker.google.com/issues/249990229) +* [Add option to disable connectivity checks when VPN lockdown is enabled](https://issuetracker.google.com/issues/250529027) ### iOS |
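Review bot: the typo "flow though a third party app" is carried over unchanged into the new `+` lines in both rewritten paragraphs ("to and from the +phone to flow though a third party app"); since these lines are being rewritten anyway, change "though" to "through". In the new "Exempt traffic" section, "Even though not being properly documented by Google, some traffic is exempt" is a dangling participle; suggest "Although Google does not properly document it, some traffic is exempt by the system from using the VPN". Finally, because the behaviour is undocumented, consider stating explicitly that the bullet list is what has been observed rather than an exhaustive list, so readers do not assume other traffic is guaranteed to be covered.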
