A VPN bug in Android 16 turns the apps installed on your device into a source of data leaks.
Android 16 has a flaw that allows applications to circumvent your VPN, potentially exposing your true IP address.
Your VPN on an Android 16 device may not be as effective as you believe. A recently identified bug in Android 16 permits any application on your device to transmit data outside the VPN tunnel, revealing your actual IP address online, irrespective of the VPN service used or the strictness of your settings.
This vulnerability was initially highlighted by a Zurich-based security engineer using the handle @cybaqkebm and was subsequently noted by the VPN provider Mullvad, which confirmed that this flaw impacts all VPN applications on Android 16, not only its own.
How serious is this issue and what has Google stated?
The bug is related to a system service in Android 16 known as ConnectivityManager. This service is intended to allow apps to send a final message to web servers when a connection is terminated. The issue is that this service completely bypasses the VPN tunnel, transmitting data unencrypted and thereby exposing your real IP address.
The security engineer submitted the issue via Google’s Vulnerability Reward Program. However, Google responded by closing the report and marking it as ‘Won’t Fix,’ arguing that it falls outside their threat model.
A Google representative informed CNET that the issue only affects devices that have been compromised by a malicious app and claimed that Google Play Protect automatically defends users against known harmful apps.
However, Play Protect only protects against apps it already recognizes as harmful. Unknown malicious applications have previously infiltrated the Play Store and accumulated millions of downloads before being removed.
What can you do at this moment?
Your choices are limited, and none are particularly straightforward. A technical workaround involving a debug command exists, but the researcher who discovered the flaw cautioned that it should only be attempted by people who fully understand the consequences. The workaround could also be removed by future Android updates.
GrapheneOS, a security-oriented variant of Android, has already resolved the issue, but switching operating systems is not feasible for many users. Although there is currently no evidence of active exploitation, given Google's inaction, the safest advice is to be extremely cautious about your app installations.
Manisha Priyadarshini is a tech and entertainment writer with more than nine years of editorial experience.
