That VPN May Be Leaking Your Data On iOS Devices And Apple Has Known For Years

vpn ios hero
Security researcher Michael Horowitz, not to be confused with the current United States Inspector General, has been updating a blog post titled "VPNs on iOS are a scam" ever since May 2022. The rather lengthy post goes into detail about data leaks that occur outside of a VPN tunnel on iOS. The issue was first reported way back in 2020 by ProtonVPN.

VPNs initially assign a new IP address on the device outside of its cellular or Wi-Fi connection. However, the iOS device seems to kind of ignore that the VPN is active over time. It starts letting data seep out through non-VPN connections. It is a pretty big deal, especially for security-conscious people. VPNs are touted as a method of increasing privacy by routing your Internet traffic through a trusted third party. The fact that it just stops working properly over time – and that Apple has allegedly been aware of the problem since 2020 – is not good.

ipad vpn scaled

Horowitz goes into detail in his blog about how he has decided to test and check multiple VPN providers. He does point out that there are some VPN options out there that use a feature known as split-tunneling. This occurs when the traffic is shared through both VPN and non-VPN connections to improve speeds and reliability. Naturally, this is not a secure way of using VPNs as you are not routing all traffic through the VPN. He also points out that his colleague Matt Volante found that iOS Exchange ActiveSync outright ignores the VPN connection. It prefers to go straight to using a cellular data connection without using the VPN tunnel. 

For years Apple has tried to tout its devices as the "most secure," but its claims are "iffy" at best. For example, one 2000s Macintosh ad attempted to convince people of the bold claim that the computers simply do not get viruses. Obviously, anyone who understands how computers work even on the most basic of levels knows that this is simply untrue of any computing device.

There has so far been no confirmation as to whether or not ProtonVPN has followed up with Apple after their most recent update in October 2020.  iOS has gone from major version 14 to major version 15 since the issue was reported. According to Horowitz, the issue still occurs even on iOS version 15.6. Horowitz provides somewhat of a security tool kit guidance page called his Defensive Computing Checklist. This is a pretty comprehensive list of best practices and tools to both use or avoid. It is a great set of information to keep in mind for anyone who uses the Internet today and we highly recommend adding it to your reading check list for Internet security best practices.

horizontal ipad vpn scaled

There has not been any kind of update or commend from Apple for now. Hopefully the issue's increased visibility will prompt them to make an update or a statement in the future. We may get an update from Proton as well since they are a primary source that originally confirmed the issue.