Possible Traffic Leak from Private Space

wotjbxqptuhx4810

Hello, esteemed forum members!

I have encountered a situation where I would like to get your opinion regarding a potential traffic leak.

Situation Description
I use pcapdroid to capture traffic in my main profile. In the private space, I have a constant VPN enabled that blocks all connections without it (no split tunneling). DNS leak tests have always returned positive results.

However, after updating an application in the private space, I noticed records in the main profile of traffic originating from an IP address in the format 10.********, directed towards the IP address of the application’s website.

This raises the question: could the application in the private space somehow bypass the enabled VPN and leak data into the main profile, where the VPN is disabled?

I would appreciate any advice or clarifications on this matter. Perhaps someone has faced a similar issue?

Thank you for your ![](attention!![] https://files.fm/u/drfekad6nq)

de0u

wotjbxqptuhx4810 After updating an application in the private space, I noticed records in the main profile of traffic originating from an IP address in the format 10.********, directed towards the IP address of the application’s website.

Intent Filter Verification Service, documented here: https://grapheneos.org/usage#app-link-verification

wotjbxqptuhx4810

de0u , Thank you

Phoneuser009

How does GOS deal with potential attacks like these… https://www.darkreading.com/remote-workforce/every-google-pixel-phone-has-a-verizon-app-backdoor. Just curious that’s all

de0u

Phoneuser009 Welcome to the forum! It is customary here to keep each thread focused on one topic. This thread is about a suspected (but not actual) VPN leak related to Private Space. So questions about a year-old article about a Verizon vendor app, unrelated to VPN leaks and unrelated to Private Space, belong in a different thread.

Before posting about a year-old news article it generally is good to search the forum a bit to see whether the old article is still relevant. In the case of the Verizon demo app that was not a threat to GrapheneOS users because GrapheneOS didn't contain the app, this was discussed when it was in the news. A web search for site:discuss.grapheneos.org iverify turns this up: https://discuss.grapheneos.org/d/14993-debunking-fake-stock-pixel-os-vulnerability-from-an-edr-company

Phoneuser009

@"de0u" thanks for replying.. actually the point is whether pixel phones being manufactured by google has any backdoors.. and whether by installing a different OS in the system it removes such backdoors.. am sure every device has its vulnerabilities.. it’s just a matter of what. If avoiding big tech is a thing, perhaps Graphene OS could be made available on other non mainstream phones as well?

userofgos

Phoneuser009 again, you're hijacking this thread and asking questions that a simple search would lead you to the right place to find answers.

A search of site:discuss.grapheneos.org "backdoors" turns up this thread: https://discuss.grapheneos.org/d/10150-not-your-average-why-pixel-thread/7

Phoneuser009

Ah if someone could build a ChatGPT for this forum. Would make life so much easier