VPN services on Android turns out to be dangerous

VPN services on Android smartphones do not encrypt all user data.

The remarks came from the blog of the popular VPN service Mullvad. 

The company's specialists noted that on Android smartphones, the Always-on VPN function, which should encrypt all transmitted data, does not provide sufficient confidentiality - this can be dangerous. Mullvad engineers found out that on Google's OS, not all data is transmitted through an encrypted tunnel.

It turned out that on Android devices, IP addresses, HTTPS traffic, and DNS queries are transmitted over an insecure connection - even when Always-on VPN is enabled. This means that anyone who intercepts the connection check can gain access to sensitive data.

Google promptly responded to the claims of the provider. “We have reviewed your request and would like to report that the VPN is working as intended,” the company said. According to Google experts, VPN data encryption technology works in a way that is convenient for users. Mullvad was disappointed with Google's response, but noted that even in this case, intercepting user data over an insecure connection is quite difficult.