VPN bypass IP leak affecting all Android 16 devices

It is an older issue uninvitedfriend: > Similar: Which Mullvad did mention GOS having a solution for already in one of the issues linked here: uninvitedfriend: > Feature request for not bypassing VPN, actual discussion > (“Won’t fix / Intended”) > Hey! Any chance of re-opening this issue/feature request since it has gotten quite a lot of upvotes? > > AOSP based GrapheneOS exposes this functionality in a separate settings screen under “Network & connectivity” → “Internet connectivity checks” where the user can select one of the following: > > GrapheneOS server > > Standard (Google) server > > Off > > Maybe something similar can be done in the AOSP? Which is the same suggestion @uninvitedfriend made assuming you trust GOS, though you can’t use a different server you choose. This new one was fixed here in release 2026050400: > disable registerQuicConnectionClosePayload optimization to fix VPN leak Though the patch has not yet reached stable as they had to pull it and make another release. I also want to bring attention to their response in the discussion for the release about internet connectivity checks here: > Internet connectivity checks aren’t a VPN leak. They bypass the Owner user VPN by design and are important for VPN support. They enable choosing a connection with internet access including for the VPN and are how captive portals are detected. The connectivity checks trigger notifying the user about a captive portal to use the captive portal handling app which is another special system component bypassing the VPN by design to enable handling the captive portal without disabling the VPN. The alternative would be having to create another profile to use the web browser without a VPN since VPNs are per-profile. Let me know if I got anything wrong please.