Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.
Whether it’s for work or for play, you depend on your VPN to keep your online activity private from outside parties. But if you are one of the millions of people who use an iPhone or iPad in your day-to-day workflows, you might have reason to be concerned. A researcher’s detailed report claims that a bug in iOS effectively renders your VPN useless on the operating system. We look into what the problem entails and what it means for your privacy.
The iOS Bug Issue Summarized
Earlier this year, researcher Michael Horowitz published a blog post detailing a problem with the way VPNs work on iOS. When he tested a VPN on the operating system, he discovered problematic data leaks that expose user activity and effectively render the use of the VPN useless.
“The iOS device gets a new public IP address and new DNS servers. Data is sent to the VPN server,” notes Horowitz in the post. “But, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks. Data leaves the iOS device outside of the VPN tunnel. This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN[s] and software from multiple VPN providers.”
In basic terms, the user connects their VPN to their device and all seems fine on their end. No error message or any other information is given to the user indicating that their VPN isn’t working properly on the platform. But under the hood, Horowitz found that the data is still being exposed as if the user were on a normal, unprotected connection. This bug defeats the purpose of using a VPN in the first place, and the blog has caused some noise in the cybersecurity community after being picked up by a number of outlets.
What’s even more troubling is that the blog post has similar findings to findings published by ProtonVPN in 2020. While the company did offer a workaround, it did not fix the problem entirely. So not only has this issue come up before, but it’s possible that Apple never solved this problem in more than two years of iOS software updates.
Several parties in the VPN space have reached out to Apple for a response on this issue. In an August 2022 update to ProtonVPN’s blog post, Apple stated that iOS traffic being exempt from VPN protection is “expected,” adding that “Always On VPN” functionality is only available on devices enrolled in its enterprise-focused mobile device management solution.
Michael Horowitz has reached out to the company several times and has failed to get what he feels is a substantial answer from anyone there. It informed him about the enterprise management functionality but offered no concrete information on whether a bug fix for other users was in the works. Horowitz has also noted that he spoke with Windscribe co-founder Yegor Sak about the bug and that his company has reached out to Apple about the issue on several occasions.
Clearly, the company knows about the issue both from individual researchers and at least two of the most popular vendors on the market today.
What Does This Mean for You?
One of the best features of a VPN is the wide range of compatible devices. With just one VPN account, you can usually connect your phone, computer or any other device you depend on in your daily life. Therefore, if you use your VPN on a wide range of devices, it probably still makes sense to keep your VPN subscription active.
But what if you depend solely on an iPad or iPhone? At the time of this writing, the bug is still present. While you won’t see any messages telling you on your device, the evidence seems to suggest that your data will still leak. Horowitz doesn’t seem too optimistic about the issue getting fixed. As he writes in an August 2022 update to the blog:
“What’s next? My best guess is nothing. That is, I expect nothing to change and the issue of leaking VPNs will be forgotten. They will still leak, but iOS users will not know. Apple is too big for anyone to hold [its] feet to the fire. And, the topic is too obscure an issue for it to ever get much publicity again. VPN companies are unlikely to publicize the fact that their VPNs leak on iOS, though I suspect that many want to. Maybe, if a large group of them all complained together, that could shame Apple into doing the right thing. Maybe.”
While Apple offers plenty of other security features in iOS devices (and other products), you should definitely be mindful of the issues surrounding VPNs if privacy is of the utmost importance to you. It’s possible that Apple could push an update that fixes the bug at any time. The company is also expected to launch iOS 16 sometime in September and, for all we know, there could be a fix in that update. But for the time being, it might be wise to think twice about what you do on your iOS device.
Featured Partner Offers
$39.99 per year to $99.99 per year
$34.99 per year to $59.99 per year