Android 16 contains a VPN bypass bug letting apps leak QUIC traffic outside Always-On tunnels, exposing real IP addresses to tracking.Google reportedly closed the report as infeasible, while GrapheneOS patched the flaw and Mullvad shared adb mitigations for privacy-focused users. https://mullvad.net/en/blog/2026/5/12/any-app-on-recent-android-versions-can-leak-certain-traffic#TechNews #Google #Android #Android16 #VPN #GrapheneOS #Mullvad #QUIC #Privacy #Security #Cybersecurity #OpenSource #FOSS #Android #ROM #App #iOS #Leak #Traffic
