GrapheneOS fixes Android VPN leak Google refused to patch

GrapheneOS has released an update that fixes a recently disclosed Android VPN bypass vulnerability capable of leaking a user’s real IP address. The leak occurs even when Android’s “Always-On VPN” and “Block connections without VPN” protections are enabled.

The issue, disclosed last week by security researcher “lowlevel/Yusuf,” affected Android 16 and stemmed from a newly introduced QUIC connection teardown feature in Android’s networking stack. In its latest release, GrapheneOS says it has “disable[d] registerQuicConnectionClosePayload optimization to fix VPN leak,” effectively neutralizing the attack vector on supported Pixel devices.

GrapheneOS is a privacy- and security-focused Android-based operating system primarily developed for Google Pixel devices. The project is widely used by privacy-conscious consumers, journalists, activists, and enterprise users seeking stronger application sandboxing, exploit mitigations, and reduced reliance on Google services.

According to Yusuf’s technical write-up, the vulnerable API let ordinary applications holding only the INTERNET and ACCESS_NETWORK_STATE permissions, both normal permissions granted automatically at install time, register arbitrary UDP payloads with system_server. When the app’s UDP socket was later destroyed, the privileged system_server process transmitted the stored payload over the device’s physical network interface rather than through the VPN tunnel. Because system_server runs with elevated networking privileges and is exempt from the per-app VPN routing rules, the packet bypassed Android’s VPN lockdown protections entirely.

The researcher demonstrated the flaw on a Pixel 8 running Android 16 with Proton VPN connected and Android’s lockdown mode enabled. The test app reportedly leaked the device’s real public IP address to a remote server despite the VPN protections being fully enabled.

Google introduced the feature so that QUIC sessions could be terminated gracefully when an app’s socket is unexpectedly destroyed. The implementation, however, accepted arbitrary payloads without validating that they were legitimate QUIC CONNECTION_CLOSE frames, and it did not check whether the registering application’s traffic was restricted to the VPN.
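To make the two missing checks concrete, the following is a small Python model of the flow described in the two preceding paragraphs: an app registers a payload with a privileged service, and the service emits it when the app's socket is torn down. It is written for this article and is not code from Android, Google or GrapheneOS; the class and method names (VulnerableCloseService, HardenedCloseService, register, on_socket_destroyed), the interface names tun0 and wlan0, and the UIDs are all assumptions. The hardened variant shows where an envelope check and a per-UID routing check belong.

```python
"""Illustrative model of the Android 16 close-payload flow discussed above.

Written for this article; this is NOT Android's code. Class names, the
register()/on_socket_destroyed() API, interface names and UIDs are invented
stand-ins for system_server's real behaviour.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# RFC 9000 §17: byte 0 of every QUIC packet (except Version Negotiation) has the
# fixed bit 0x40 set. RFC 9287 greasing lets endpoints clear it, so this is a
# cheap sanity filter on the packet envelope, not proof the payload is QUIC.
QUIC_FIXED_BIT = 0x40


def looks_like_quic(payload: bytes) -> bool:
    """Envelope check only: the CONNECTION_CLOSE frame lives inside the
    encrypted QUIC payload, so a privileged sender cannot inspect it."""
    return len(payload) >= 2 and bool(payload[0] & QUIC_FIXED_BIT)


@dataclass
class NetworkPolicy:
    """Per-UID routing policy that VPN lockdown is supposed to enforce (assumed shape)."""
    vpn_locked_uids: Set[int] = field(default_factory=set)
    vpn_up: bool = True
    vpn_iface: str = "tun0"       # assumed interface names
    physical_iface: str = "wlan0"


@dataclass(frozen=True)
class Sent:
    """What the privileged process put on the wire, and on which interface."""
    iface: str
    payload: bytes


class VulnerableCloseService:
    """Models the flaw: payloads are stored per (uid, socket) and, when the
    socket goes away, emitted by the privileged process over the physical
    interface without consulting the registering app's VPN policy."""

    def __init__(self, policy: NetworkPolicy) -> None:
        self.policy = policy
        self.pending: Dict[Tuple[int, int], bytes] = {}

    def register(self, uid: int, sock_id: int, payload: bytes) -> None:
        self.pending[(uid, sock_id)] = payload  # content is not validated

    def on_socket_destroyed(self, uid: int, sock_id: int) -> Optional[Sent]:
        payload = self.pending.pop((uid, sock_id), None)
        if payload is None:
            return None
        # Privileged sender, exempt from per-app VPN routing: this is the leak.
        return Sent(self.policy.physical_iface, payload)


class HardenedCloseService(VulnerableCloseService):
    """Same API with two added checks: reject non-QUIC envelopes at registration,
    and make the deferred send inherit the registering UID's routing policy."""

    def register(self, uid: int, sock_id: int, payload: bytes) -> None:
        if not looks_like_quic(payload):
            raise ValueError("payload is not shaped like a QUIC packet")
        super().register(uid, sock_id, payload)

    def on_socket_destroyed(self, uid: int, sock_id: int) -> Optional[Sent]:
        payload = self.pending.pop((uid, sock_id), None)
        if payload is None:
            return None
        if uid in self.policy.vpn_locked_uids:
            # Route as the app itself would be routed: inside the tunnel, or
            # nowhere at all while lockdown is on and no VPN is up.
            return Sent(self.policy.vpn_iface, payload) if self.policy.vpn_up else None
        return Sent(self.policy.physical_iface, payload)


def run_leak_scenario(service_cls, vpn_up: bool = True) -> Optional[Sent]:
    """Constructed scenario: UID 10123 is under 'Block connections without VPN',
    registers an attacker-chosen blob, then its socket is torn down."""
    svc = service_cls(NetworkPolicy(vpn_locked_uids={10123}, vpn_up=vpn_up))
    payload = b"\x40LEAK-" + (10123).to_bytes(4, "big")  # constructed, QUIC-looking first byte
    svc.register(uid=10123, sock_id=7, payload=payload)
    return svc.on_socket_destroyed(uid=10123, sock_id=7)


def accepts_garbage(service_cls) -> bool:
    """True if the service registers a payload that is not QUIC at all."""
    svc = service_cls(NetworkPolicy())
    try:
        svc.register(uid=10001, sock_id=1, payload=b"\x00not-quic")
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print("vulnerable:", run_leak_scenario(VulnerableCloseService))
    print("hardened:  ", run_leak_scenario(HardenedCloseService))
    print("hardened, VPN down:", run_leak_scenario(HardenedCloseService, vpn_up=False))
    print("accepts garbage:", accepts_garbage(VulnerableCloseService), accepts_garbage(HardenedCloseService))
```

Note the limit of the envelope check: CONNECTION_CLOSE is a frame inside QUIC's encrypted payload, so a privileged sender can at most verify that the blob is shaped like a QUIC packet. The check that actually closes the leak is the routing one: the deferred send must follow the registering UID's VPN policy, and must be dropped when lockdown is on and no VPN is up.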

The researcher reported the issue to Android’s security team, which classified it as “Won’t Fix (Infeasible)” and “NSBC” (Not Security Bulletin Class), meaning it did not meet the threshold for inclusion in Android security bulletins. The researcher appealed, arguing that any application could leak identifying network information using only standard permissions, but Google maintained its position and authorized public disclosure on April 29.

GrapheneOS responded by disabling the underlying optimization entirely in release 2026050400.

Beyond the VPN leak fix, the latest release also includes the full May 2026 Android security patch level, multiple hardened_malloc improvements, Linux kernel updates across Android’s 6.1, 6.6, and 6.12 branches, and a backported fix for CVE-2026-33636 in libpng. The update additionally ships newer Vanadium browser builds and expanded Dynamic Code Loading restrictions.

The researcher noted that stock Android users can temporarily mitigate the issue by disabling the close_quic_connection DeviceConfig flag over ADB. That workaround, however, requires developer options and USB debugging to be enabled, only covers this one code path, and may stop working if Google removes the feature flag in a future update.