I know the headline of this story may seem dramatic; you may think I am referring to one specific bug, or even that I am writing clickbait. As an iOS user I wish you were right and that this was an exaggeration, but I am very afraid that it is not. According to an extensive investigation carried out by Michael Horowitz, for some time now, at least two years, VPNs on iOS have not been as reliable as they should be.
Signs of this have existed for a little over two years. In March 2020 ProtonVPN, the VPN service from the creators of ProtonMail, reported for the first time that these services were not working correctly on the iPhone operating system. The issue was identified in iOS 13.3.1 and has persisted in every version released since then. The most recent version tested is 15.6, and the problem is still there. It is unknown, however, whether iOS 16, which will debut in a few weeks, still has this problem or has already corrected it.
The problem is this: when a VPN connection is activated, the operating system should terminate all internet connections open at that moment and automatically re-establish them through the VPN, so that no data is transmitted outside the layer of security the VPN provides. However, according to the researcher's tests, iOS does not close all currently open connections, which means that, even with the VPN active, part of the device's data traffic can travel outside the virtual private network.
«It takes so little time and effort to recreate this, and the problem is so constant, that if [Apple] had tried, they should have been able to recreate it», he writes in his report. «At first they seem to work fine […] But, over time, a detailed inspection of the data leaving the iOS device shows that the VPN tunnel is leaky.» The problem also affects iPadOS.
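One way to run the kind of inspection described above, as an added example that is not taken from Horowitz's report or from ProtonVPN: a script that reads packet records captured upstream of the device (for instance on the router) and flags traffic that bypasses the tunnel once the VPN is up. The record format, addresses, ports and timestamps are constructed assumptions. Connections that survived VPN activation are the behaviour the article describes; flows that are new and still outside the tunnel are reported separately, which goes beyond what the article covers.

```python
from collections import namedtuple

# Constructed sample: packets one iOS device sent, as seen on the router.
# Fields: time (s), protocol, device source port, remote IP, remote port.
Packet = namedtuple("Packet", "ts proto sport dst dport")

VPN_SERVER = "198.51.100.10"  # assumed VPN endpoint (documentation address range)
TUNNEL_UP = 100.0             # assumed moment the VPN reported "connected"

SAMPLE = [
    Packet(10.0, "tcp", 50001, "203.0.113.5", 443),    # opened before the VPN
    Packet(20.0, "tcp", 50002, "203.0.113.9", 5223),   # opened before the VPN
    Packet(99.0, "udp", 51000, VPN_SERVER, 51820),     # tunnel being set up
    Packet(101.0, "udp", 51000, VPN_SERVER, 51820),    # tunnelled traffic
    Packet(130.0, "tcp", 50002, "203.0.113.9", 5223),  # old connection still alive
    Packet(140.0, "udp", 51000, VPN_SERVER, 51820),    # tunnelled traffic
    Packet(150.0, "tcp", 50007, "203.0.113.77", 443),  # new flow outside the tunnel
]


def find_leaks(packets, vpn_server, tunnel_up):
    """Map each flow seen outside the tunnel after tunnel_up to its kind.

    "survived": the flow already existed before the VPN came up and was
                not torn down (the behaviour the article describes).
    "new":      the flow first appeared after the VPN came up.
    """
    seen_before = set()
    leaks = {}
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        flow = (p.proto, p.sport, p.dst, p.dport)
        if p.ts < tunnel_up:
            seen_before.add(flow)
        elif p.dst != vpn_server:
            # Upstream of the device, tunnelled traffic is addressed only to
            # the VPN server; any other destination went around the tunnel.
            leaks.setdefault(flow, "survived" if flow in seen_before else "new")
    return leaks


if __name__ == "__main__":
    for flow, kind in find_leaks(SAMPLE, VPN_SERVER, TUNNEL_UP).items():
        print(f"{kind:9s} {flow}")
```

A connection that was open before the VPN but sends nothing afterwards, like the first one in the sample, is not reported, so the capture has to run long enough for idle connections to speak again.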
This, by itself, is already a problem for any user of VPN services on Apple devices, but it becomes much more chilling if we take into account that these services are regularly used by people living in totalitarian states that analyze the network traffic of their citizens. This problem may have endangered the safety of these people continuously, for at least two years.
And it is even worse if we take into account that, for some time now, Apple has established itself as a great defender of its users' privacy. It is true that it has taken many very good measures in this regard, but now we find out that the company has known about this for two years and that, until now, it has neither solved the problem nor, at the very least, notified its users so that they could act with greater caution. They say that even the best scribe makes a blot, yes, but what is not so common is to let more than two years go by without correcting it.