Android 16 VPN Bypass Lets Apps Reveal Users’ Real IP Address

A significant security vulnerability has been identified in Android 16, raising concerns for users who rely on VPN services for privacy. This flaw permits malicious applications to expose a user’s real IP address, even when the “Always-On VPN” and “Block connections without VPN” features are activated—settings that many users consider to be robust safeguards for their online anonymity.

The discovery was made by security researcher 0x33c0unt and was publicly disclosed on April 30, 2026. The vulnerability takes advantage of a newly introduced feature in Android 16, known as registerQuicConnectionClosePayload, which was designed to facilitate smooth QUIC connection terminations.

Initially reported to Google’s Android Vulnerability Reward Program on April 12, the issue was marked as “Won’t Fix” just six days later, before the researcher was cleared for public disclosure on April 29.

Understanding the Attack Mechanism

The exploit leverages the fact that Android’s VPN lockdown feature filters traffic by application UID, while system_server (UID 1000) is exempt from these restrictions. A malicious app needs only two install-time, auto-granted permissions: INTERNET and ACCESS_NETWORK_STATE.

To execute the attack, the app binds a UDP socket to the device’s Wi-Fi IP address with an ordinary kernel bind() call, sidestepping the VPN routing, and then registers an attacker-controlled payload with system_server through a raw Binder transaction:

```java
// Direct Binder transaction to reach the hidden registerQuicConnectionClosePayload API
private static final int TXN_REGISTER = 94;

Parcel data = Parcel.obtain();
data.writeInterfaceToken("android.net.IConnectivityManager");
data.writeTypedObject(pfd, 0);          // the UDP socket, as a ParcelFileDescriptor
data.writeByteArray(payload.getBytes()); // bytes system_server will send on teardown
connectivity.transact(TXN_REGISTER, data, null, IBinder.FLAG_ONEWAY);
```

When the app exits, the kernel emits a SOCK_DESTROY notification for the socket. system_server then opens a new UDP socket, binds it to the physical Wi-Fi interface, and transmits the attacker’s payload outside the VPN tunnel. The destination server thereby learns the device’s actual public IP address.

The underlying issue resides in ConnectivityService.java: the registerQuicConnectionClosePayload method is not gated by any permission check, neither in its implementation, nor in the AIDL definition, nor in the SELinux policy.

This vulnerability has been verified on a Pixel 8 running Android 16 (build BP22.250321.011) with Proton VPN active and lockdown mode enabled. Any application on an affected device can discreetly transmit the device’s real IP address to an attacker-controlled server without alerting the user or requiring elevated permissions.

Temporary Mitigation Steps

As of now, Google has not released a patch for this vulnerability. However, users can disable the problematic feature via ADB with the following commands:

```bash
adb shell device_config put tethering close_quic_connection -1
adb reboot
```

This completely disables the QUIC teardown feature. Note that a factory reset or a future Mainline update may reset the flag and silently remove this workaround, so it is worth re-checking after updates. A proof-of-concept application is available on GitHub for those interested in further exploration.
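Because the workaround can be reverted by a reset or a module update, it helps to have a repeatable check. The script below is an added example, not the article’s or the researcher’s code: it reads the Android release, the lockdown toggle and the flag over ADB, classifies the device, and applies the article’s `device_config put` when the device is still exposed. It assumes the flag namespace/key `tethering` / `close_quic_connection` as given in the mitigation above, and that `Settings.Secure` key `always_on_vpn_lockdown` reflects the lockdown switch; the function names are mine.

```bash
#!/bin/sh
# Added example: check and apply the QUIC-teardown workaround over ADB.
set -eu

FLAG_NS="tethering"               # namespace from the article's adb command
FLAG_KEY="close_quic_connection"  # key from the article's adb command (assumed)

# device_config prints "null" for an unset flag; strip CR from adb output.
read_flag() {
    adb shell device_config get "$FLAG_NS" "$FLAG_KEY" | tr -d '\r'
}

# classify RELEASE LOCKDOWN FLAG -> one of:
#   not-android-16  the bug is reported for Android 16 only
#   mitigated       flag is -1, the teardown path is disabled
#   exposed         lockdown VPN is on and the teardown path is still enabled
#   no-lockdown     lockdown is off, so no VPN guarantee is being bypassed here
classify() {
    release="$1"; lockdown="$2"; flag="$3"
    case "$release" in
        16|16.*) ;;
        *) echo "not-android-16"; return 0 ;;
    esac
    if [ "$flag" = "-1" ]; then
        echo "mitigated"
    elif [ "$lockdown" = "1" ]; then
        echo "exposed"
    else
        echo "no-lockdown"
    fi
}

main() {
    release=$(adb shell getprop ro.build.version.release | tr -d '\r')
    lockdown=$(adb shell settings get secure always_on_vpn_lockdown | tr -d '\r')
    flag=$(read_flag)
    verdict=$(classify "$release" "$lockdown" "$flag")
    echo "release=$release lockdown=$lockdown $FLAG_KEY=$flag -> $verdict"
    if [ "$verdict" = "exposed" ]; then
        # The article's workaround; it only takes effect after a reboot.
        adb shell device_config put "$FLAG_NS" "$FLAG_KEY" -1
        echo "flag set; run 'adb reboot' and re-run this script to confirm"
    fi
}

# Only touch a device when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--check" ]; then main; fi
```

Run it as `sh check_quic_flag.sh --check` with the device attached and USB debugging enabled.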

Individuals who depend on VPNs for anonymity—such as journalists, activists, or privacy-focused users—are advised to implement this temporary mitigation immediately and remain vigilant for an official patch from Google.
