VPNs for iOS Are Broken and Apple Knows It, Says Security Researcher

Third-party VPNs made for iPhones and iPads routinely fail to route all network traffic through a secure tunnel after they have been turned on, something Apple has known about for years, a longtime security researcher has claimed (via ArsTechnica).

Writing in a continually updated blog post, Michael Horowitz says that after testing multiple types of virtual private network (VPN) software on iOS devices, most appear to work fine at first, issuing the device a new public IP address and new DNS servers, and sending data to the VPN server. However, over time the VPN tunnel leaks data.

Typically, when a user connects to a VPN, the operating system closes all existing internet connections and then re-establishes them through the VPN tunnel. That is not what Horowitz has observed in his advanced router logging. Instead, sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active, leaving it potentially unencrypted and exposed to ISPs and other parties.
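The router-side check described above can be approximated with a short script that reads outbound flow records and flags anything the device sends to the internet outside the tunnel once the VPN is up. This is an added example, not Horowitz's tooling or code from the original article; the log format, the addresses (documentation ranges) and the function name `find_tunnel_bypass` are assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed sample data; the log format is an assumption:
# timestamp  src_ip  src_port  dst_ip  dst_port  bytes
SAMPLE_LOG = """\
2022-08-01T10:00:05 192.168.1.50 50111 192.0.2.10 443 1200
2022-08-01T10:01:00 192.168.1.50 50200 203.0.113.7 51820 300
2022-08-01T10:02:10 192.168.1.50 50111 192.0.2.10 443 800
2022-08-01T10:03:45 192.168.1.50 50333 198.51.100.23 443 4100
2022-08-01T10:04:00 192.168.1.77 50444 198.51.100.23 443 500
2022-08-01T10:05:00 192.168.1.50 50555 192.168.1.1 53 60
"""

def find_tunnel_bypass(log_text, device_ip, vpn_server_ip, vpn_up_at, lan_cidr):
    """Return WAN flows from device_ip that bypass the tunnel after vpn_up_at.

    Assumes the log is in time order. A flow is marked 'preexisting' when the
    same (src_port, dst_ip, dst_port) session was already seen before the VPN
    came up, i.e. a connection that was never torn down.
    """
    device = ipaddress.ip_address(device_ip)
    vpn_server = ipaddress.ip_address(vpn_server_ip)
    lan = ipaddress.ip_network(lan_cidr)
    seen_before, leaks = set(), []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        ts = datetime.fromisoformat(fields[0])
        src = ipaddress.ip_address(fields[1])
        dst = ipaddress.ip_address(fields[3])
        if src != device or dst in lan:
            continue  # other devices and local traffic are out of scope
        session = (fields[2], str(dst), fields[4])
        if ts < vpn_up_at:
            seen_before.add(session)
        elif dst != vpn_server:  # only the VPN server should be contacted
            leaks.append({"time": fields[0], "dst": str(dst),
                          "dst_port": int(fields[4]), "bytes": int(fields[5]),
                          "preexisting": session in seen_before})
    return leaks

def demo():
    return find_tunnel_bypass(SAMPLE_LOG, "192.168.1.50", "203.0.113.7",
                              datetime(2022, 8, 1, 10, 1, 0), "192.168.1.0/24")

if __name__ == "__main__":
    for leak in demo():
        print(leak)
```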

"Data leaves the iOS device outside of the VPN tunnel," Horowitz writes. "This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6."

Horowitz claims that his findings are backed up by a similar report issued in March 2020 by privacy company Proton, which said an iOS VPN bypass vulnerability had been identified in iOS 13.3.1 and persisted through three subsequent updates to iOS 13.

According to Proton, Apple indicated it would add Kill Switch functionality to a future software update that would allow developers to block all existing connections if a VPN tunnel is lost.

However, the added functionality does not appear to have affected the results of Horowitz's tests, which were performed in May 2022 on iPadOS 15.4.1 using Proton's VPN client, and the researcher says any suggestions that it would prevent the data leaks are "off base."

Horowitz has recently continued his tests with iOS 15.6 installed and OpenVPN running the WireGuard protocol, but his iPad continues to make requests outside of the encrypted tunnel to both Apple services and Amazon Web Services.

As noted by ArsTechnica, Proton suggests a workaround to the problem that involves activating the VPN and then turning Airplane mode on and off to force all network traffic to be re-established through the VPN tunnel.

However, Proton admits that this is not guaranteed to work, while Horowitz claims Airplane mode is not reliable in itself, and should not be relied on as a solution to the problem. We've reached out to Apple for comment on the research and will update this post if we hear back.

Top Rated Comments

xxray
6 weeks ago
I remember this getting reported on a couple years ago, and never getting an update. I just assumed it had been fixed.

I’m so glad my privacy has been compromised for the last 2.5 years and still is being compromised while Apple knows about it and does nothing about it.
Score: 64 Votes

antiprotest
6 weeks ago
While other companies screw you on the cloud, Apple screws you "on device."
Score: 44 Votes

BootsWalking
6 weeks ago
This may seem like a benign annoyance but some people rely on VPNs for very important situations, like reporters who need it to protect their sources or themselves.
Score: 44 Votes

arkitect
6 weeks ago
Ah, well that probably explains why on my last trip to *cough* a country that shall remain unnamed, but where the Fruit company has many things manufactured *cough* my VPN went tits up and I was unable to use my favourite search engine.

FFS Apple!
Score: 31 Votes

VulchR
6 weeks ago
Nice to know Apple was faffing about with CSAM stuff while this vulnerability just sat there. Perhaps Apple should refund those of us who pay for VPN services? I live in the UK, where pretty much everybody, at every level of government, can gain access to your browsing history unless you use a VPN.
Score: 29 Votes

JM
6 weeks ago
Come on, y’all. Little ol’ Apple is doing the best they can. Bless their heart.
Score: 24 Votes
