WebRTC leaks IP

[Slion]

WebView apparently leaks your real IP address when using VPN even when WebRTC is disabled. In theory one could use a WebView implementation that fixes that, see your device developer options settings. Maybe Bromite WebView fixed it?

Another solution could be to use a local WebView implementation instead of the system one. See what Mozilla Focus did by switching to GeckoView.

[nift4]

I did multiple WebRTC Leak tests with ProtonVPN and it never leaked my ip

[Slion]

@nift4 Maybe they fixed it at some point. Which WebView version did you test it against?

[nift4]

Version 97.0.4692.98

[Slion]

97.x is not even the most up to date this days. Currently on Google Play you get 102.x on the release channel.

[marcdw1289]

I know this is old but... I was in a discussion about webview elsewhere and remembered this issue. Yeah, as Stoutner pointed out it is definitely a webview, and JavaScript, thing.

For the fun of it I put Fulguris on four devices, WebRTC option turned off. Al devices are similarly network configured with a VPN service (mostly Mullvad and one Surfshark via OprnVPN app) and InviZible Pro providing Tor and DNScrypt. General traffic is not routed through Tor (mostly used for apps that can use proxy).

Device A and B have vanilla Chromium webview v106. Public and local IPs are exposed. Device C has Bromite webview v106. No IPs exposed/shown. Device D has a Bromite / UnGoogled Chromium based webview, outdated at v100. No IP addresses leaked.

Went back to Device A and routed all traffic through Tor. VPN over Tor I guess. With that the public IP is not leaked but the local is still shown.

Too bad that Bromite changed its webview package name awhile back. My devices without Magisk can only use vanilla webview, thus losing some privacy/anonymity.

[Slion]

So Bromite did fix it. @marcdw1289 thanks for sharing.