9
WebRTC Leak on Android
(reddthat.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 29 Jan 2026
9 points (90.9% liked)
privacy
8399 readers
151 users here now
Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.
Partners:
- community.nicfab.it/c/privacy
founded 3 years ago
MODERATORS
WebRTC isn't magic. WebRTC does not bypass a VPN, nor is it the only--or even most common--way that software on your phone, Android or otherwise, can exfiltrate potentially sensitive information, intentionally or unintentionally. The way WebRTC on your phone might leak an IP is that during ICE, which is used by more than just WebRTC, the phone's local IP addresses may be sent, and IPv6 addresses on your WiFi or cell connection may be globally unique. IPv4 local addresses will almost certainly be meaningless, private addresses due to IPv4 address space exhaustion, and any non-local address will be from your VPN gateway.
You cannot block ICE per app or system wide because it is not a system facility, and the permissions required to implement it on Android are not very specific.
thanks a lot, I guess that means block connections without vpn also blocks webrtc from revealing true ip?
I'm not sure. If non-VPN connections are blocked, any non-VPN IP that is leaked cannot be confirmed to be yours, because a connection cannot be established to that IP. However, if the client can see those unusable addresses, it can still send those addresses over the VPN connection as part of ICE and that may be enough of a problem for you.