All VPN insecure on iPhone? This is what you need to know about the problem
You normally use a VPN to increase your security on the internet. However, a researcher now says that all VPN on iPhone are insecure because data is sent outside the VPN. This is what’s going on.
Read on after the ad.
VPN on iPhone is insecure – you need to know this
The abbreviation VPN stands for Virtual Private Network. You use such a network to have all your internet traffic go through an encrypted ‘tunnel’ and thus protect your privacy. This can help on vacation, for example, if you use public Wi-Fi networks.
But now security researcher Michael Horowitz claims that the iPhone and iPad apparently don’t always route all data traffic through an activated VPN. For example, certain connections that already exist before the VPN is activated will remain outside the tunnel and may reveal your IP address. It doesn’t matter which VPN service you use. Horowitz has tested this several times over the past few months with an iPad without a cellular connection, and recently again with the iOS and iPadOS 15.6 version.
Connections to Apple and Gmail run in the background
According to the analysis, the leak does not only concern connections to Apple’s servers – such as the push notification system service – but also, for example, connections to Google’s Gmail for a configured account.
Because data can leak out of the iOS VPN tunnel, Horowitz says all VPN apps for the iPhone and iPad don’t work as they should. According to his own account, he informed Apple about this problem in May, but even after several weeks he did not receive a response. Neither an acknowledgment or rejection of the problem, nor an announcement for an update. Even now that the problem has been made public, Apple has not yet issued a statement.
Proton VPN reported similar problem about VPN insecure on iPhone
Horowitz points out that VPN service Proton VPN reported a similar problem two years ago. A VPN couldn’t reliably disconnect and then reconnect in the tunnel in iOS. As a result, certain connections outside the VPN remained active.
Apple then introduced a kill switch feature for developers. This doesn’t fix the problem directly, but it should work around it because all active connections are cut. But apparently this one doesn’t work either.
Other workarounds, such as turning the airplane mode on and off after activating the VPN, do not seem to be a reliable solution either. According to the security researcher, the providers of VPN services have been informed of the problem. They have therefore contacted Apple. Undoubtedly to be continued.
