iOS VPN Vulnerabilities and Data Leaks: An Ongoing Issue

Despite advancements in iOS versions, VPN vulnerabilities persist and continue to affect user privacy and security, even in the latest version, iOS 18.1.

The problem, initially highlighted by security researchers and companies like ProtonVPN, continues to affect users who rely on VPNs for secure internet connections. Michael Horowitz, in a well-updated blog post, put it clearly: "VPNs on iOS are broken."

The Problem

  • Persistent Data Leaks: VPNs on iOS fail to route all network traffic through the VPN tunnel. This issue allows some data to bypass the VPN, exposing users' real IP addresses and potentially unencrypted data to ISPs and other entities.
  • Existing Connections: When a VPN is activated, existing connections are not terminated and re-established within the VPN tunnel. This flaw means that data from these connections can leak outside the VPN.
  • Apple's Response: Despite being aware of the issue for years, Apple has not provided a comprehensive fix. The company introduced a partial solution in iOS 14, but it remains ineffective for many users.

Testing and Findings

  • Testing Methodology: Tests conducted using various VPN protocols (Synology SSL VPNs, IKEv2, WireGuard) on iOS devices revealed that data leaks occur consistently. These tests involved monitoring outbound requests from iOS devices to verify if all data was routed through the VPN.
  • Results: The tests showed that while most data travels through the VPN tunnel, some data, particularly from Apple's services, leaks outside. This includes connections to Apple Push services and other Apple-owned IP addresses.
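The kind of check described above can be scripted against flow records exported from the router. The following is an added example, not code from the original tests: the CSV layout, the addresses, and the function names are assumptions constructed for illustration. It flags every flow from the iOS device that goes to a public address other than the VPN server and splits the leaked bytes into Apple-owned (17.0.0.0/8) and other destinations.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample (not real capture data): flows seen at the router
# while the phone at 192.168.1.50 has its VPN connected to 203.0.113.10.
SAMPLE_FLOWS = """\
src,dst,proto,dport,bytes
192.168.1.50,203.0.113.10,udp,51820,48211
192.168.1.50,17.57.144.20,tcp,5223,1320
192.168.1.50,224.0.0.251,udp,5353,300
192.168.1.50,17.253.4.125,tcp,443,2210
192.168.1.50,198.51.100.7,tcp,443,900
192.168.1.77,17.57.144.20,tcp,5223,640
"""

LOCAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]
APPLE_NET = ip_network("17.0.0.0/8")  # address block assigned to Apple

def find_leaks(flow_csv, device_ip, vpn_endpoints):
    """Return {(dst, proto, dport): bytes} for device flows outside the tunnel."""
    device = ip_address(device_ip)
    tunnel = {ip_address(e) for e in vpn_endpoints}
    leaks = Counter()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if src != device or dst in tunnel:
            continue  # another LAN host, or encapsulated VPN traffic (expected)
        if any(dst in net for net in LOCAL_NETS):
            continue  # LAN and multicast traffic never leaves the local network
        leaks[(str(dst), row["proto"], int(row["dport"]))] += int(row["bytes"])
    return dict(leaks)

def summarize(leaks):
    """Total leaked bytes, split into Apple-owned and other destinations."""
    totals = {"apple": 0, "other": 0}
    for (dst, _proto, _dport), nbytes in leaks.items():
        totals["apple" if ip_address(dst) in APPLE_NET else "other"] += nbytes
    return totals

if __name__ == "__main__":
    found = find_leaks(SAMPLE_FLOWS, "192.168.1.50", ["203.0.113.10"])
    for key, nbytes in sorted(found.items()):
        print("LEAK", *key, nbytes)
    print(summarize(found))
```

An empty result only means no leak was observed during the capture window, so the capture should span the moment the VPN is switched on, when pre-existing connections are most likely to persist.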

Possible Causes

  • Split Tunneling: Some speculate that split tunneling, a feature that allows certain traffic to bypass the VPN, might be enabled by default to support services like CarPlay. However, this feature is typically off by default in most VPN apps.
  • Apple's Design Choices: Apple's design choices, such as allowing certain services to bypass VPNs, contribute to the issue. The "includeAllNetworks" flag introduced in iOS 14 is supposed to address this, but it is buggy and not widely adopted by VPN providers.

Workarounds and Recommendations

  • Router-Based VPNs: One effective workaround is to use a VPN client on a router instead of the iOS device. This ensures that all traffic from the device is routed through the VPN.
  • Airplane Mode Trick: ProtonVPN suggested a workaround involving toggling Airplane Mode to reset connections, but this is not foolproof and may not work consistently across devices.

The persistence of VPN data leaks on iOS highlights a significant security flaw that Apple has yet to fully address. Users concerned about privacy should consider alternative solutions, such as using VPNs on routers, until a reliable fix is implemented. The issue underscores the importance of transparency and accountability in software development, especially for companies like Apple that emphasize privacy and security.