Quote from Proton VPN:
Google has known about a bug that breaks VPN apps for 7 months, leaving users exposed with no warning or error, just a VPN app that stopped working in the background.
If you’re using ANY VPN on Android, you can help us by getting Google’s attention to fix it.
We first reported this bug to Google in September 2025.
Others like Mullvad and Wireguard reported it even earlier, in August.
Google’s response? “I don’t see anything unusual.”
The bug corrupts Android’s network stack at the system level after a VPN update, causing users to blame their VPN provider.
Restarting the app doesn’t help, with the only fix being a full device reboot or VPN app reinstall, something which most users never figure out.
This affects several VPN providers on Android 16, and only Google has the access to diagnose it properly.
After 7 months of waiting, we’re now asking publicly: Google, when are you fixing this?
Issue Tracker Links:
It’s a feature.
Especially considering the trend, yes, it’s definitely a feature.
This is basically like watching the enshittification of our Android devices live
Shit like this is the reason I’ve given money to mobile Linux projects
Hell yeah, thanks for donating! For anyone else reading, I’d suggest donating to PostmarketOS, if you have the means. They’re doing extremely good work building the foundation we’ll be able to use to escape Android and google forever.
I’m just curious how I’ll manage to get to my second factor app for my bank to run.
A lot of bank apps actually work fine on Graphene, there’s a list of working ones here: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
Nice, both my bank and Wero are listed. Do you think this can be adapted for postmarket?
It’s possible that the android app could be run through a compatibility layer such as waydroid, but that would need separate testing to confirm if the app is compatible.
Just tested on postmarketOS and both Aegis and my bank app work fine through waydroid. My bank alerts that my phone is somehow modified and that I should be careful.
So I guess they do detect it, but some banks may or may not allow you to use their app in that case. (My app works on graphene too btw)
If that bank does not have an alternate way to 2FA, see if another bank does. They just want you to have an app dependency so they can harvest everything you do, everywhere you go, and sell it.
Banks will have to adapt when they realize people won’t play their games anymore. At the end of the day, they like money, and will follow it.
I’m sure this will happen but I also know that we will be the first adopters so we will have to figure out how to communicate our wishes.
Wireguard on Linux can’t even autostart with the system.
“Bug”
My self hosted wireguard has no issues, so no idea what this is on about… I leave my VPN connected for many hours at a time and never had a crash as this post is indicating. Sounds device specific, but have not seen the issue on my S22U or S26U.
So that’s why my AdGuard stopped working sometimes since the upgrade. I specifically set it to VPN mode as that used to be more stable than proxy mode.
They also fucked up notifications somewhere around October - they are always 15-20 minutes late. I tried everything in settings, nothing helped. They are aware of the issue but they don’t give a fuck.
Google will ban VPN apps next, I guarantee it.
They will likely end up doing something similar to how Apple’s network stack on iPhone works once they can figure out how to make the network stack work that way. Apple’s devices are configured so even when you have a full-tunnel VPN, some local traffic, and connections back to Apple corporate always circumvent the VPN. There is no way to truly full-tunnel on an Apple device.
What you didn’t say was what reason you have for thinking they would do this. “They’re getting shittier all the time” is true, but isn’t an actual reason.
The actual reason is control. VPN on the current Android stack makes it relatively easy for a non-technical user to sign up for a paid service that blocks telemetry-harvesting back to Google. Unlike Apple’s platform, Google’s historically heavily relies on a cloud connection for pseudo-real-time telemetry harvesting. If a person uses a VPN with ad/app/telemetry-blocking, Google gets cut off. That means things like, their Waymo cars not receiving real-time traffic updates, their WiFi geolocation database missing current information, their adtech arm not receiving user metadata.
Google’s software is quite tenacious at attempting to connect to Google too. If you ever want to see how much, install RethinkDNS and start blocking core Google services. Check the logs. You will see the app try Google in your country, then Google in neighboring countries, then other devices in your home running Google software. Any connection they can find to relay telemetry back to the big G-spot.
Google’s moves right now in lieu of any government taking action against them is to solidify their platform control and metadata harvesting pipelines. They’re cutting off alternate ROMs, cutting off open source hardware drivers for newer devices, partnering with Samsung to encourage Samsung to close their devices down, reducing security patch frequency on older devices, partnering more closely with Apple to ensure a stream of healthy metadata from Apple, closing the ability to install third-party apps, and also getting heavier into military contracting.
Google is an information vacuum, always has been. When their leadership was more “altruistic”, the trade-off was a contribution back to society. Now that they are in a late-stage profit phase, they’re just doubling down on that vacuum role hard.
You’re right, I don’t actually know why they would ban vpns, other than governmental pressures. A bit of a knee-jerk, there. :)
So without even a law they would just do it.? Yeah knee jerk is a mild way of putting it
Was there a law against ad blockers?
The answer is always to follow the money. With Google, you are the product. Your data is their money source. VPNs interfere with this.
The other guy us right. Google abso-fucking-lutey is going to ban em. Mark my words.
Ad blockers don’t prevent work from being done. VPNs are used for work by many many people. Kinda alarmist and baseless to think they’re going to disregard that
That’s not their money. And they are not in this to be altruistic. I doubt they would care.
Besides, that’s always a feature they can restrict to some kind of business plan.
And to be frank, expecting any goodwill from them is dangerously naive. The very idea that Google, who are FAMOUS for randomly canceling projects and services, regardless of the impact, would so much as even notice the damage their actions cause is quite simply ludicrous.
I’m expecting the opposite of goodwill. I’m expecting greed. Companies don’t buy phones from companies that remove their ability to do work. A lot of large companies buy phones. Again: alarmist.
Would this affect android-based OSes like lineageOS? Or can they patch something like that?
likely will affect them, but now that it’s been disclosed will probably get patched immediately (but not by google).
It has been disclosed for a while…
yes, but were the vendors that provide lineage/eos/etc aware of the disclosure?
probably not.
On grapehene os and hasn’t encountered mentioned bug.
I would honestly be surprised if the Grapheme network stack wasn’t fully rewritten. So yeah, my money is this bug did not propagate to their codebase.
Any other android custom ROM I would be careful with, though…
Seems like they may have around this time
Yes to both?
That explains a lot. Although I never had to restarty phone, my Mullvad occasionally just crashes for no reason and there is no indication.
Thank you, I’ve been wondering what’s going on
is A15 the last good version of Android
Reason why I’ve disabled software updates.
don’t do this use GrapheneOS instead
Doesn’t work with s24.
Wanted to switch from iOS to android but honestly I’m wondering more and more if that would even be useful
Also, the fact that the kill switch feature also kills LAN sucks
I am doing the opposite. If I have to use locked down system, I’ll use the one with better hardware and less spyware.
Switching to a Pixel phone to access GrapheneOS would still be worth it, and a massive increase in privacy and security.
