diff --git a/Android/app/src/main/java/app/intra/sys/IntraVpnService.java b/Android/app/src/main/java/app/intra/sys/IntraVpnService.java
index 54b1c45a..e04a2150 100644
--- a/Android/app/src/main/java/app/intra/sys/IntraVpnService.java
+++ b/Android/app/src/main/java/app/intra/sys/IntraVpnService.java
@@ -374,9 +374,12 @@ public void onRevoke() {
   public VpnService.Builder newBuilder() {
     VpnService.Builder builder = new VpnService.Builder();
     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
-      // Some WebRTC apps rely on the ability to bind to specific interfaces, which is only
-      // possible if we allow bypass.
-      builder = builder.allowBypass();
+      // unprivileged apps cannot bind to interfaces outside of the vpn when in lockdown mode
+      if (!isVpnLockdown()) {
+        // Some WebRTC apps rely on the ability to bind to specific interfaces, which is only
+        // possible if we allow bypass.
+        builder = builder.allowBypass();
+      }
 
       try {
         // Workaround for any app incompatibility bugs.
@@ -472,4 +475,12 @@ public String getResolvers() {
     }
     return TextUtils.join(",", ips);
   }
+
+  private boolean isVpnLockdown() {
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+      return this.isLockdownEnabled();
+    } else {
+      return false;
+    }
+  }
 }