VPNs for iOS Are Broken and Apple Knows It, Says Security Researcher

by

Third-party VPNs made for iPhones and iPads routinely fail to route all network traffic through a secure tunnel after they have been turned on, something Apple has known about for years, a longtime security researcher has claimed (via ArsTechnica).

settings
Writing on a continually updated blog post, Michael Horowitz says that after testing multiple types of virtual private network (VPN) software on iOS devices, most appear to work fine at first, issuing the device a new public IP address and new DNS servers, and sending data to the VPN server. However, over time the VPN tunnel leaks data.

Typically, when a users connects to a VPN, the operating system closes all existing internet connections and then re-establishes them through the VPN tunnel. That is not what Horowitz has observed in his advanced router logging. Instead, sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active, leaving it potentially unencrypted and exposed to ISPs and other parties.

"Data leaves the iOS device outside of the VPN tunnel," Horowitz writes. "This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6."

Horowitz claims that his findings are backed up by a similar report issued in March 2020 by privacy company Proton, which said an iOS VPN bypass vulnerability had been identified in iOS 13.3.1 which persisted through three subsequent updates to iOS 13.

According to Proton, Apple indicated it would add Kill Switch functionality to a future software update that would allow developers to block all existing connections if a VPN tunnel is lost.

However, the added functionality does not appear to have affected the results of Horowitz's tests, which were performed in May 2022 on an iPadOS 15.4.1 using Proton's VPN client, and the researcher says any suggestions that it would prevent the data leaks are "off base."

Horowitz has recently continued his tests with iOS 15.6 installed and OpenVPN running the WireGuard protocol, but his iPad continues to make requests outside of the encrypted tunnel to both Apple services and Amazon Web Services.

As noted by ArsTechnica, Proton suggests a workaround to the problem that involves activating the VPN and then turning Airplane mode on and off to force all network traffic to be re-established through the VPN tunnel.

However, Proton admits that this is not guaranteed to work, while Horowitz claims Airplane mode is not reliable in itself, and should not be relied on as a solution to the problem. We've reached out to Apple for comment on the research and will update this post if we hear back.

Tag: Security

Popular Stories

iOS 26

Everything New in iOS 26.1 Beta 1

Monday September 22, 2025 12:44 pm PDT by
Apple released the first beta of iOS 26.1 today, just a week after launching iOS 26. iOS 26.1 mainly adds new languages to Apple Intelligence, but there are a few other features that are worth knowing about. New Apple Intelligence Languages Apple Intelligence is now available in Danish, Dutch, Norwegian, Portuguese (Portugal), Swedish, Turkish, Chinese (Traditional), and Vietnamese. AirPo...
Read Full Article123 comments
apple tv 4k new orange

Next Apple TV Expected to Launch This Year With These New Features

Monday September 22, 2025 10:00 am PDT by
The next Apple TV is expected to be released later this year, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the next Apple TV, according to rumors. Likely Features N1 Chip With Wi-Fi 7 Last year, Bloomberg's Mark Gurman said the next Apple TV would be equipped with Apple's own combined Wi-Fi and Bluetooth chip, which is...
Read Full Article89 comments
Apple Intelligence General Feature 2

iOS 26.1 Adds New Apple Intelligence Languages and Expands AirPods Live Translation

Monday September 22, 2025 11:15 am PDT by
With iOS 26.1, Apple Intelligence is gaining support for additional languages, including Danish, Dutch, Norwegian, Portuguese (Portugal), Swedish, Turkish, Chinese (Traditional), and Vietnamese. Apple announced plans to expand the languages that can be used with Apple Intelligence last year, and now the added language support is here. Apple Intelligence is now available in the following...
Read Full Article71 comments
iPhone 17 Pro and Air N1 Feature

Some iPhone 17, iPhone 17 Pro, and iPhone Air Users Experiencing Intermittent Wi-Fi Issue

Monday September 22, 2025 8:44 am PDT by
Apple's latest iPhone models launched on Friday, and some early adopters of the devices are experiencing intermittent Wi-Fi issues. Affected customers say Wi-Fi connectivity periodically cuts out on the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air, with hundreds of comments about the issue posted across the MacRumors Forums, Reddit, and the Apple Support Community over the...
Read Full Article216 comments
Apple Foldable Thumb

Foldable iPhone Like 'Two Titanium iPhone Airs' Joined at the Hinge

Monday September 22, 2025 2:16 am PDT by
Next year's rumored foldable iPhone will showcase an ultra-thin design resembling "two titanium iPhone Airs side-by-side," according to Bloomberg's Mark Gurman. Writing in the Q&A section of his latest Power On newsletter, Gurman says Apple's first foldable device will be "super thin and a design achievement," combining Apple's thinnest iPhone form factor with cutting-edge folding...
Read Full Article241 comments
iPhone 17 Pro USB C Port

iPhone 17 Pro Max's USB-C Charging Speeds Tested With Apple Chargers

Monday September 22, 2025 7:29 am PDT by
The website ChargerLAB has tested the iPhone 17 Pro Max's USB-C charging speeds with a variety of Apple's chargers, from 18W to 140W. The device reached a peak charging speed of around 36W with the following Apple chargers:40W Dynamic Power Adapter with 60W Max 61W USB-C Power Adapter 67W USB-C Power Adapter 70W USB-C Power Adapter 96W USB-C Power Adapter 140W USB-C Power AdapterFor...
Read Full Article53 comments
iPhone 17 Pro and Air Feature

Two iPhone 17 Pro and iPhone Air Colors Appear to Scratch More Easily

Friday September 19, 2025 10:02 am PDT by
As reported by Bloomberg today, some of the new iPhone 17 Pro and iPhone Air models on display at Apple Stores today are already scratched and scuffed. French blog Consomac also reported on this topic. The scratches appear to be most prominent on models with darker finishes, including the iPhone 17 Pro and Pro Max in Deep Blue, and the iPhone Air in Space Black. Images Credit: Consoma ...
Read Full Article315 comments
iOS 26

Apple Seeds First Betas of iOS 26.1, iPadOS 26.1, and macOS Tahoe 26.1

Monday September 22, 2025 10:05 am PDT by
Apple today provided developers with the first betas of upcoming iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, and visionOS 26.1 updates for testing purposes. The new betas are the first updates to the iOS, iPadOS, macOS 26, watchOS, tvOS, and visionOS releases that came out last week. The new betas can be downloaded from the Settings app on a compatible device by going...
Read Full Article121 comments
iPhone 17 Pro Colors

Skipped the iPhone 17 Pro? Here's What is Rumored for iPhone 18 Pro

Tuesday September 23, 2025 8:55 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are still a year away, there are already a few rumors about the devices that offer an early look ahead. Below, we have recapped some of the early iPhone 18 Pro rumors so far. This story was published previously, and it has been updated to reflect the latest rumors. Many early rumors prove to be true, but nothing is confirmed yet, and Apple's...
Read Full Article94 comments

Top Rated Comments

xxray Avatar
xxray
41 months ago
I remember this getting reported on a couple years ago, and never getting an update. I just assumed it had been fixed.

I’m so glad my privacy has been compromised for the last 2.5 years and still is being compromised while Apple knows about it and does nothing about it.
Score: 64 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
41 months ago
While other companies screw you on the cloud, Apple screws you "on device."
Score: 44 Votes (Like | Disagree)
BootsWalking Avatar
BootsWalking
41 months ago
This may seem like a benign annoyance but some people rely on VPNs for very important situations, like reporters who need it to protect their sources or themselves.
Score: 44 Votes (Like | Disagree)
arkitect Avatar
arkitect
41 months ago
Ah, well that probably explains why on my last trip to *cough* a country that shall remain unnamed, but where the Fruit company has many things manufactured *cough* my VPN went tits up and I was unable to use my favourite search engine.

FFS Apple!
Score: 31 Votes (Like | Disagree)
VulchR Avatar
VulchR
41 months ago
Nice to know Apple was faffing about with CSAM stuff while this vulnerability just sat there. Perhaps Apple should refund those of us who pay for VPN services? I live in the UK, where pretty much everybody, at every level of government, can gain access to your browsing history unless you use a VPN.
Score: 29 Votes (Like | Disagree)
JM Avatar
JM
41 months ago
Come on, y’all. Little ol’ Apple is doing the best they can. Bless their heart.
Score: 24 Votes (Like | Disagree)
Read All Comments