GrapheneOS fixes Android VPN leak Google refused to patch

103 points • by Georgelemental • today at 2:11 PM • 25 comments • view on HN

hedora • today at 5:25 PM

> Google maintained its position, authorizing public disclosure on April 29.

I'm surprised they honored the embargo at that point, and delayed the fix until May. Why not just release immediately?

➕ show 1 reply

nottorp • today at 4:08 PM

> Because system_server operates with elevated networking privileges and is exempt from VPN routing restrictions

So a VPN isn't a VPN on Android? Regardless of this bug. Do other locked down operating systems act the same?

➕ show 3 replies

zb3 • today at 5:01 PM

Stock Android is spyware and adware, back in the day we called such software malicious and removed it, now it's the default.

unethical_ban • today at 3:50 PM

I know there are bad business reasons, but how can someone classify a VPN leak as "not a security issue" and keep their pride?

➕ show 5 replies

idovmamane • today at 3:59 PM

[dead]

OutOfHere • today at 3:55 PM

It wasn't patched by Google because it's a backdoor. For various reasons, modern mainline Android is substantially hazardous to use.

alt Hacker News