Tor Browser on Android leaks IP in desktop mode

I've been testing Tor Browser on Android (rooted tablet + Bluetooth tether sniffer). Here's what I found: These requests contain: · Your real IP address · The .onion URL in the Referer header · Tor Browser user-agent The evidence (captured live): ``` [18:12:10] 10.188.1.98 -> 192.178.183.95 (Akamai) [18:12:14] 10.188.1.98 -> 142.251.14.95 (Google) [18:12:22] 10.188.1.98 -> 142.251.20.95 (Google) ``` HTTP attempts: 5 HTTPS SNI captured: 0 All plain text. No encryption. Tor not involved. What this means: Every time you use Tor Browser on Android, switch to Desktop Mode, and visit a .onion site, you're broadcasting your real IP to Google, Amazon, and anyone monitoring your network.