VPNs for iOS Are Broken and Apple Knows It, Says Security Researcher

by

Third-party VPNs made for iPhones and iPads routinely fail to route all network traffic through a secure tunnel after they have been turned on, something Apple has known about for years, a longtime security researcher has claimed (via ArsTechnica).

settings
Writing on a continually updated blog post, Michael Horowitz says that after testing multiple types of virtual private network (VPN) software on iOS devices, most appear to work fine at first, issuing the device a new public IP address and new DNS servers, and sending data to the VPN server. However, over time the VPN tunnel leaks data.

Typically, when a users connects to a VPN, the operating system closes all existing internet connections and then re-establishes them through the VPN tunnel. That is not what Horowitz has observed in his advanced router logging. Instead, sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active, leaving it potentially unencrypted and exposed to ISPs and other parties.

"Data leaves the iOS device outside of the VPN tunnel," Horowitz writes. "This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6."

Horowitz claims that his findings are backed up by a similar report issued in March 2020 by privacy company Proton, which said an iOS VPN bypass vulnerability had been identified in iOS 13.3.1 which persisted through three subsequent updates to iOS 13.

According to Proton, Apple indicated it would add Kill Switch functionality to a future software update that would allow developers to block all existing connections if a VPN tunnel is lost.

However, the added functionality does not appear to have affected the results of Horowitz's tests, which were performed in May 2022 on an iPadOS 15.4.1 using Proton's VPN client, and the researcher says any suggestions that it would prevent the data leaks are "off base."

Horowitz has recently continued his tests with iOS 15.6 installed and OpenVPN running the WireGuard protocol, but his iPad continues to make requests outside of the encrypted tunnel to both Apple services and Amazon Web Services.

As noted by ArsTechnica, Proton suggests a workaround to the problem that involves activating the VPN and then turning Airplane mode on and off to force all network traffic to be re-established through the VPN tunnel.

However, Proton admits that this is not guaranteed to work, while Horowitz claims Airplane mode is not reliable in itself, and should not be relied on as a solution to the problem. We've reached out to Apple for comment on the research and will update this post if we hear back.

Tag: Security

Popular Stories

Alleged iOS 19 Icons Front Page Tech

iOS 19 Leak Reveals Alleged New Design With Rounder App Icons, Floating Tab Bar, and More

Monday April 7, 2025 3:13 pm PDT by
YouTube channel Front Page Tech is back today with another video that provides a closer look at iOS 19's alleged design changes. The video contains re-created renders of iOS 19, which are allegedly based on real footage of the software update, provided by sources within Apple. Overall, iOS 19 is expected to have a more glass-like, visionOS-inspired design, with added translucency for user...
Read Full Article238 comments
iOS 18 Siri Personal Context

Report Reveals Internal Chaos Behind Apple's Siri Failure

Thursday April 10, 2025 7:15 am PDT by
A new report from The Information today reveals much of the internal turmoil behind Apple Intelligence's revamped version of Siri. Apple apparently weighed up multiple options for the backend of Apple Intelligence. One initial idea was to build both small and large language models, dubbed "Mini Mouse" and "Mighty Mouse," to run locally on iPhones and in the cloud, respectively. Siri's...
Read Full Article310 comments
M6 MacBook Pro Feature 1

Waiting for the Perfect MacBook Pro? 2026 Might Be the Year

Thursday April 10, 2025 4:19 am PDT by
Apple in October 2024 overhauled its 14-inch and 16-inch MacBook Pro models, adding M4, M4 Pro, and M4 Max chips, Thunderbolt 5 ports on higher-end models, display changes, and more. That's quite a lot of updates in one go, but if you think this means a further major refresh for the MacBook Pro is now several years away, think again. Bloomberg's Mark Gurman has said he expects only a small...
Read Full Article102 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

iPhone 17 Pro's New Rear Camera Bar 'Same Color As Rest of Device'

Monday April 7, 2025 2:09 am PDT by
Apple's upcoming iPhone 17 Pro models will feature a redesigned rear camera panel that spans the width of the device, but it will be the same color as the iPhone itself, rather than being part of a two-tone design. That's according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, the reporter says the iPhone 17 Pro won't have a two-toned back, as some renders have...
Read Full Article65 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

5 Biggest Changes Rumored for iPhone 17 Pro

Tuesday April 8, 2025 2:38 am PDT by
Later this year, Apple will introduce the iPhone 17 series, which includes the iPhone 17 Pro and the iPhone 17 Pro Max, two new high-end flagship devices that will be sold alongside the regular iPhone 17 and an all-new ultra-thin iPhone 17 Air. If you have been holding out for the iPhone 17 Pro or its bigger sibling, here are five of the biggest changes, informed by the latest reports and...
Read Full Article82 comments
iPhone Assembly

Trump Believes Apple Could Manufacture iPhones in the U.S.

Tuesday April 8, 2025 12:08 pm PDT by
U.S. President Donald Trump "absolutely" believes that Apple could manufacture its iPhones and other devices in the United States, Press Secretary Karoline Leavitt said today during a media briefing. Leavitt was asked whether Trump thought that iPhone manufacturing is the kind of technology that could move to the U.S. "Absolutely, he believes we have the labor, we have the workforce, we have ...
Read Full Article602 comments
Apple Northbrook

Apple Store in Chicago Area Permanently Closing Later This Month

Wednesday April 9, 2025 9:56 am PDT by
Apple will be permanently closing its store at the Northbrook Court shopping mall in the Chicago suburb of Northbrook on April 26, the company has announced. Apple has added the following notice to the store's web page:Thank you Northbook. Apple Northbrook is closing on April 26 at 7pm. We're still here for you. Please visit apple.com/retail to find your nearest store.Apple Northbrook opened ...
Read Full Article35 comments
iOS 18

iOS 18.4.1 Update Coming Soon for iPhones

Wednesday April 9, 2025 8:56 am PDT by
Apple employees are testing iOS 18.4.1 for iPhones, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions. The software update will likely be released in a week or two, if not sooner. As the version number implies, iOS 18.4.1 will obviously be a minor update that addresses software bugs and/or security vulnerabilities. There are no...
Read Full Article21 comments
iOS 19 visionOS UI Elements

All the Design Changes Rumored for iOS 19 So Far

Tuesday April 8, 2025 2:04 pm PDT by
Apple is going to unveil iOS 19 in just about two months at its June WWDC event, and rumors suggest that it's going to bring a big change to the iPhone's design. It's been described as the most notable design overhaul since iOS 7, so it should be an exciting update. We've rounded up everything we've heard so far about the design changes coming to iOS 19. visionOS-like design with...
Read Full Article48 comments

Top Rated Comments

xxray Avatar
xxray
35 months ago
I remember this getting reported on a couple years ago, and never getting an update. I just assumed it had been fixed.

I’m so glad my privacy has been compromised for the last 2.5 years and still is being compromised while Apple knows about it and does nothing about it.
Score: 64 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
35 months ago
While other companies screw you on the cloud, Apple screws you "on device."
Score: 44 Votes (Like | Disagree)
BootsWalking Avatar
BootsWalking
35 months ago
This may seem like a benign annoyance but some people rely on VPNs for very important situations, like reporters who need it to protect their sources or themselves.
Score: 44 Votes (Like | Disagree)
arkitect Avatar
arkitect
35 months ago
Ah, well that probably explains why on my last trip to *cough* a country that shall remain unnamed, but where the Fruit company has many things manufactured *cough* my VPN went tits up and I was unable to use my favourite search engine.

FFS Apple!
Score: 31 Votes (Like | Disagree)
VulchR Avatar
VulchR
35 months ago
Nice to know Apple was faffing about with CSAM stuff while this vulnerability just sat there. Perhaps Apple should refund those of us who pay for VPN services? I live in the UK, where pretty much everybody, at every level of government, can gain access to your browsing history unless you use a VPN.
Score: 29 Votes (Like | Disagree)
JM Avatar
JM
35 months ago
Come on, y’all. Little ol’ Apple is doing the best they can. Bless their heart.
Score: 24 Votes (Like | Disagree)
Read All Comments