Tag: VPN

Security researcher Michael Horowitz reported issues with iOS VPN implementation that allows some data to be sent via unsecured connection even when VPN is enabled and running.

As soon as you activate a VPN app, it should immediately close down all existing (non-secure) data connections, and then re-open them inside the secure ‘tunnel.’ This is an absolutely standard feature of any VPN service.

The problem, says Horowitz, is that iOS doesn’t allow VPN apps to close all existing non-secure connections.

9to5Mac

Possible workaround could be using Airplane mode to disconnect all existing connections. This workaround worked in previous iOS versions but seems not to work in iOS 15.

Apple reported that since 2019 there is way of fixing this issue – includeAllNetworks property.

var includeAllNetworks: Bool { get set }

There is a report though that Proton company found that it was only partially effective. Insecure connections to some Apple services are still made even when this option is turned on.

Michael Horowitz: VPNs on iOS are a scam

References:

• iOS VPN apps are broken, says security researcher, and Apple has known for years
• VPNs for iOS Are Broken and Apple Knows It, Says Security Researcher
• iOS VPNs Are Broken
• iPhone VPN app security debate continues, as Apple says it’s fixed, and ProtonVPN says not

Back in October 2021, Google announced that its Google One storage subscription was adding a built-in VPN option. The Google One VPN is now seeing an expansion on new locations, include Canada, France, Germany, Italy, Mexico, Spain, and the UK.