It's worth noting that the built-in VPN support doesn't have these leaks. We don't agree with how Mullvad is presenting this because it is not yet clear if the leaks with their app and other apps are because of bugs in these apps or the OS. Their own post says they've resolved part of these DNS leaks through changing their app to avoid not having a DNS configuration. Android supports many use cases of the VPN service API including not handling DNS and this may be a side effect of that flexibility. It's not necessarily a bug. If it's possible to set up the apps in a way that they don't leak without OS changes, then it was probably an app issue all along.
We're aware of a separate issue unrelated to DNS leaks where multicast packets can leak to the local network with VPN apps. This appears to be an OS bug, but that's not confirmed yet. It will likely only be determined if it's a bug when we find a fix for it. This multicast leak doesn't happen with the built-in VPN support either.
There have been plenty of VPN leaks on other platforms including issues that are still not really fixed without setting up custom netfilter or eBPF rules similar to what Android is trying to do on platforms where that's not done for you by the OS.
On Android, the responsibility for preventing leaks is partially taken on by the OS which promotes a standard leak blocking feature which has gotten much better in the past few years. Each app trying to do this themselves is not a recipe for success. It's not as if Mullvad was aware of these issues for a long time and asking Android to fix it without action.
We're aware of a separate issue unrelated to DNS leaks where multicast packets can leak to the local network with VPN apps. This appears to be an OS bug, but that's not confirmed yet. It will likely only be determined if it's a bug when we find a fix for it. This multicast leak doesn't happen with the built-in VPN support either.
There have been plenty of VPN leaks on other platforms including issues that are still not really fixed without setting up custom netfilter or eBPF rules similar to what Android is trying to do on platforms where that's not done for you by the OS.
On Android, the responsibility for preventing leaks is partially taken on by the OS which promotes a standard leak blocking feature which has gotten much better in the past few years. Each app trying to do this themselves is not a recipe for success. It's not as if Mullvad was aware of these issues for a long time and asking Android to fix it without action.