VPNs for iOS Are Broken and Apple Knows It, Says Security Researcher

Third-party VPNs made for iPhones and iPads routinely fail to route all network traffic through a secure tunnel after they have been turned on, something Apple has known about for years, a longtime security researcher has claimed (via ArsTechnica).

settings
Writing on a continually updated blog post, Michael Horowitz says that after testing multiple types of virtual private network (VPN) software on iOS devices, most appear to work fine at first, issuing the device a new public IP address and new DNS servers, and sending data to the VPN server. However, over time the VPN tunnel leaks data.

Typically, when a users connects to a VPN, the operating system closes all existing internet connections and then re-establishes them through the VPN tunnel. That is not what Horowitz has observed in his advanced router logging. Instead, sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active, leaving it potentially unencrypted and exposed to ISPs and other parties.

"Data leaves the iOS device outside of the VPN tunnel," Horowitz writes. "This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6."

Horowitz claims that his findings are backed up by a similar report issued in March 2020 by privacy company Proton, which said an iOS VPN bypass vulnerability had been identified in iOS 13.3.1 which persisted through three subsequent updates to iOS 13.

According to Proton, Apple indicated it would add Kill Switch functionality to a future software update that would allow developers to block all existing connections if a VPN tunnel is lost.

However, the added functionality does not appear to have affected the results of Horowitz's tests, which were performed in May 2022 on an iPadOS 15.4.1 using Proton's VPN client, and the researcher says any suggestions that it would prevent the data leaks are "off base."

Horowitz has recently continued his tests with iOS 15.6 installed and OpenVPN running the WireGuard protocol, but his iPad continues to make requests outside of the encrypted tunnel to both Apple services and Amazon Web Services.

As noted by ArsTechnica, Proton suggests a workaround to the problem that involves activating the VPN and then turning Airplane mode on and off to force all network traffic to be re-established through the VPN tunnel.

However, Proton admits that this is not guaranteed to work, while Horowitz claims Airplane mode is not reliable in itself, and should not be relied on as a solution to the problem. We've reached out to Apple for comment on the research and will update this post if we hear back.

Popular Stories

Generic iOS 19 Feature Mock Light

iOS 19 Will Bring Biggest Design Overhaul Since iOS 7

Monday March 10, 2025 12:17 pm PDT by
Apple is planning for a major design overhaul of the iPhone, iPad, and Mac interfaces with the introduction of iOS 19, iPadOS 19, and macOS 16 later this year, reports Bloomberg. The update will "fundamentally change" the look of Apple's operating system, introducing a more consistent cross-platform experience. Apple plans to update the style of icons, menus, apps, windows, and system...
ios 18 4 carplay

Apple Upgrades CarPlay in Two Ways

Wednesday March 12, 2025 6:05 am PDT by
The upcoming iOS 18.4 update for the iPhone includes a smaller but meaningful improvement for Apple's in-car iPhone mirroring system CarPlay. Specifically, CarPlay now shows a third row of icons, up from two rows previously. However, this change is only visible in vehicles with a larger center display. For example, a MacRumors Forums member noticed the change in a Toyota Tundra with a...
Apple One Apps Feature 2

Apple One's Best Plan Now Includes Two More Perks For Free

Monday March 10, 2025 6:40 am PDT by
Apple One allows you to subscribe to up to six Apple services for one discounted monthly price. There are three Apple One tiers: Individual, Family, and Premier. Over the last month, the highest-end ‌Apple One‌ Premier plan has gained two additional perks. Here is what Apple One Premier already included, for $37.95 per month:Apple Music Apple TV+ Apple Arcade Apple News+ Apple Fitness+...
airpods pro 2 gradient

AirPods Pro 3 Launch Now Just Months Away: Here's What We Know

Tuesday March 11, 2025 3:26 am PDT by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as excellent for...
iOS 18

12 New Things Your iPhone Can Do in iOS 18.4

Monday March 10, 2025 9:28 am PDT by
Apple is set to release iOS 18.4 in early April, bringing further refinements to Apple Intelligence features, a neat new capability to iPhone 15 Pro devices, new emoji, and more. While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.4 still introduces enhancements that aim to make your iPhone smarter and more intuitive. Below, we've listed 12 new...
iphone 17 mockups idevicehelp

Video Shows iPhone 17 Mockups Based on 'Internal Documents'

Monday March 10, 2025 4:41 am PDT by
YouTuber iDeviceHelp on Friday posted a video that shows off mockups of Apple's forthcoming iPhone 17 models that are purportedly based on "internal documents." We're sharing the video here since it was made in collaboration with leaker Majin Bu, who last month published similar iPhone 17 renders that were widely corroborated by separate leakers with links to Apple's Chinese supply chain....
iOS 18

iOS 18.3.2 Update Coming Soon for iPhones

Monday March 10, 2025 7:25 am PDT by
Apple employees are internally testing iOS 18.3.2 for iPhones, according to our website's visitor logs, which have been a reliable indicator of upcoming iOS versions. The software update should be released in the next week or two. iOS 18.3.2 will be a minor update that addresses software bugs and/or security vulnerabilities. Don't expect any new features. iOS 18.3.2 will be an interim...
Apple Maps vs Google Maps Feature

iOS 18.4 Adds a Highly-Requested Setting to iPhones — But Not in U.S.

Wednesday March 12, 2025 1:05 pm PDT by
iPhones are finally getting a much-requested setting, but availability is limited. The upcoming iOS 18.4 update introduces an option to set a default navigation app, other than Apple Maps, but unfortunately this new setting is limited to users in the EU. There, you can now set an app like Google Maps or Waze as your default navigation app on the iPhone by opening the Settings app and tapping ...
iOS 18

Apple Releases iOS 18.3.2 With Bug Fixes

Tuesday March 11, 2025 10:33 am PDT by
Apple today released iOS 18.3.2 and iPadOS 18.3.2, minor updates for the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.3.2 and iOS 18.3.2 come a month after Apple released iOS 18.3.1 and iPadOS 18.3.1. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. According to Apple's release...

Top Rated Comments

xxray Avatar
34 months ago
I remember this getting reported on a couple years ago, and never getting an update. I just assumed it had been fixed.

I’m so glad my privacy has been compromised for the last 2.5 years and still is being compromised while Apple knows about it and does nothing about it.
Score: 64 Votes (Like | Disagree)
antiprotest Avatar
34 months ago
While other companies screw you on the cloud, Apple screws you "on device."
Score: 44 Votes (Like | Disagree)
BootsWalking Avatar
34 months ago
This may seem like a benign annoyance but some people rely on VPNs for very important situations, like reporters who need it to protect their sources or themselves.
Score: 44 Votes (Like | Disagree)
arkitect Avatar
34 months ago
Ah, well that probably explains why on my last trip to *cough* a country that shall remain unnamed, but where the Fruit company has many things manufactured *cough* my VPN went tits up and I was unable to use my favourite search engine.

FFS Apple!
Score: 31 Votes (Like | Disagree)
VulchR Avatar
34 months ago
Nice to know Apple was faffing about with CSAM stuff while this vulnerability just sat there. Perhaps Apple should refund those of us who pay for VPN services? I live in the UK, where pretty much everybody, at every level of government, can gain access to your browsing history unless you use a VPN.
Score: 29 Votes (Like | Disagree)
JM Avatar
34 months ago
Come on, y’all. Little ol’ Apple is doing the best they can. Bless their heart.
Score: 24 Votes (Like | Disagree)