Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

jtara

macrumors 68020
Original poster
Mar 23, 2009
2,008
536
When updating my iPad apps this morning (I only update apps manually), there was an update to Speedtest. I noticed this sentence in the What's New notes:

In addition to some app performance improvements, this release also includes an early preview of Speedtest VPN.

Speedtest VPN?

I did some searching. Found the answer on the Ookla website. Yes, they are beta testing a VPN. Yes, the functionality is included in the current Speedtest apps for iOS and Android.

I immediately deleted the app, which I've had installed now for several years. Now looking for a speed testing app that is JUST a speed testing app.

I should add that my iPad has been acting flakey for the past few days. Unexplainable delays in all apps. I see version history says 6d agp version 4.1.14. Odd, as that update just turned up today. I speculate that perhaps they added the preview a few days ago - I don't think there is any way to know exactly when that note was added to the what's new. I'll see if my iPad acts more rationally now.

I ASSUME that the app would have to ask permission to install a VPN. And I ASSUME that the feature is configurable on or off, and defaults off. But I didn't stick around long enough to find out. I did an immediate delete when I say the word "VPN". I can't IMAGINE they added a VPN capability, and enabled it by default.

Now, don't get me wrong. VPNs are useful. VPNs can enhance your security. I use a VPN when I am away from home. I use Apple's built-in IPSEC VPN capability. The endpoint is my home router. I would have to have a very high level of trust in the company to install a third-party VPN app.

This one came wrapped in a Christmas bow in the shape of a wooden horse. Sorry, I am the ungrateful crybaby who does not want a wooden horse!

If Ookla wants to provide a VPN service, they should publish a separate VPN app. Apple bears responsibility as well. They should not permit an app to make this radical a change to it's functionality.

Did anybody here who has Speedtest installed think that it would ever have full access to all of your Internet traffic originating from your device?

I have deleted Speedtest on all of my devices, including MacOs out of an abundance of caution.
 
  • Like
Reactions: nc_lee
When updating my iPad apps this morning (I only update apps manually), there was an update to Speedtest. I noticed this sentence in the What's New notes:



Speedtest VPN?

I did some searching. Found the answer on the Ookla website. Yes, they are beta testing a VPN. Yes, the functionality is included in the current Speedtest apps for iOS and Android.

I immediately deleted the app, which I've had installed now for several years. Now looking for a speed testing app that is JUST a speed testing app.

I should add that my iPad has been acting flakey for the past few days. Unexplainable delays in all apps. I see version history says 6d agp version 4.1.14. Odd, as that update just turned up today. I speculate that perhaps they added the preview a few days ago - I don't think there is any way to know exactly when that note was added to the what's new. I'll see if my iPad acts more rationally now.

I ASSUME that the app would have to ask permission to install a VPN. And I ASSUME that the feature is configurable on or off, and defaults off. But I didn't stick around long enough to find out. I did an immediate delete when I say the word "VPN". I can't IMAGINE they added a VPN capability, and enabled it by default.

Now, don't get me wrong. VPNs are useful. VPNs can enhance your security. I use a VPN when I am away from home. I use Apple's built-in IPSEC VPN capability. The endpoint is my home router. I would have to have a very high level of trust in the company to install a third-party VPN app.

This one came wrapped in a Christmas bow in the shape of a wooden horse. Sorry, I am the ungrateful crybaby who does not want a wooden horse!

If Ookla wants to provide a VPN service, they should publish a separate VPN app. Apple bears responsibility as well. They should not permit an app to make this radical a change to it's functionality.

Did anybody here who has Speedtest installed think that it would ever have full access to all of your Internet traffic originating from your device?

I have deleted Speedtest on all of my devices, including MacOs out of an abundance of caution.

Thank you for warning us about Speedtest; I will no longer recommend Speedtest in my consulting/repair business. Look for FAST by Netflix in the App Store. Very minimalist interface; works well.
 
FYI, after removal and a full reboot the mysterious delays and freezing in multiple apps has stopped. Though not logical (since the Speedtest VPN feature should I'm sure by Apple policy default off) there seems a correlation here. I've changed nothing else.

I read some comments elsewhere that links in Speedtest Settings were going to the wrong settings pages within the app, yikes!

I think there is more here than meets the eye, and this is the next cyber security news story to blow up.

Another concern here is that though described in the "what's new" as a "preview", Ookla has described this elsewhere as a "beta test". Since when do beta tests go in the App Store? They belong in Testflight.
 
I've got Speedtest so I checked out what the OP was referencing. There's a VPN "tab" at the bottom of the app. When I touch it a VPN switch appears. When I click the switch ON I get the following alert:

Screen Shot 2019-12-26 at 1.00.42 PM.png


If I don't allow it the VPN configuration will NOT be created. The VPN won't work unless I do allow the VPN configuration. It is NOT enabled by default.
 
  • Like
Reactions: Ericdjensen
Storm meet teacup.

And 'snuck in'? You yourself @jtara stated it was in the release notes. In addition there's an icon for it on the bottom and iOS requires you to confirm is installation.

Massive overreaction in my book.

And no, I don't think this has anything to do with your flaky iPad performance either.
 
To add to my previous post, there are a couple of things going on here worth digging into:

- the app did nothing more then add a new feature that you need to actively opt to use. I see no sneaky stuff going on at all. If you don't chose to use the service, the app, for now at least, will operate exactly how it has.

- why the immediate distrust of anything related to a VPN? Ookla's help docs indicate "Speedtest VPN is a zero logs service, meaning we do not collect, store or sell any online activity data. This includes sites you visit, your search history, and your app content." Now, this has to be validated, but I am curious as the immediate distrust of a VPN?
 
And 'snuck in'? You yourself @jtara stated it was in the release notes.

Yes. A short half-sentence that mentions the new VPN feature, without explaining what it is.

In addition to some app performance improvements, this release also includes an early preview of Speedtest VPN.

There is NO description or explanation of the VPN feature.

BTW, I did go back to the App Store and determined when this feature was first added. (Or at least when the note was added.) The note was added in version 4.1.13, dated (as of today) "1 w ago" 4.1.14 is also dated "1 w ago" but didn't show up on my iPad until yesterday.

And the App Store explicitly disallows "beta tests", "early previews", or however you'd like to describe incomplete, not fully-tested, not ready-for-prime-time features. They belong in internal QA and/or TestFlight builds.

In addition there's an icon for it on the bottom and iOS requires you to confirm is installation.

Yes, and in the first release with this, the tabs were mixed up! According to responses in Ratings and Reviews:

VPN now shows all results. RESULTS shows settings. SETTINGS shows nothing.

This should have been caught in Apple review and in Ookla's own QA. But it wasn't. How does something that obvious slip through? Oh, yea, "Christmas shutdown rush". (Correct me if there is no longer a Christmas app store review shutdown?)

----
I think that there now is a substantial misrepresentation of the functionality of Speedtest.

I suggested to a friend that he uninstall Speedtest. I TRIED to explain what a VPN is, and why one might use one. He didn't get it. I suspect that MOST users would not understand what a VPN is or the extraordinary access a VPN extension is given to your data. I can easily see many users touching the tab wondering "what does this do"? and just enabling it without realizing what they are doing.

My friend trusted my judgement and did uninstall it.
 
Last edited:
It is your personal choice to use an app or not. But it is merely my opinion that your reasoning to stop using the app is way way off base. There is nothing nefarious about a VPN, and I am not sure why you are treating it like the addition of this feature is somehow wrong or illicit.


Yes. A short half-sentence that mentions the new VPN feature, without explaining what it is.



There is NO description or explanation of the VPN feature.

BTW, I did go back to the App Store and determined when this feature was first added. (Or at least when the note was added.) The note was added in version 4.1.13, dated (as of today) "1 w ago" 4.1.14 is also dated "1 w ago" but didn't show up on my iPad until yesterday.



Yes, and in the first release with this, the tabs were mixed up! According to responses in Ratings and Reviews:



This should have been caught in Apple review and in Ookla's own QA. But it wasn't.

----
I think that there now is a substantial misrepresentation of the functionality of Speedtest.

I suggested to a friend that he uninstall Speedtest. I TRIED to explain what a VPN is, and why one might use one. He didn't get it. I suspect that MOST users would not understand what a VPN is or the extraordinary access a VPN extension is given to your data. I can easily see many users touching the tab wondering "what does this do"? and just enabling it without realizing what they are doing.

My friend trusted my judgement and did uninstall it.
 
  • Like
Reactions: Super Spartan
It is your personal choice to use an app or not. But it is merely my opinion that your reasoning to stop using the app is way way off base. There is nothing nefarious about a VPN, and I am not sure why you are treating it like the addition of this feature is somehow wrong or illicit.

Some folk are not happy unless they can be outraged.
 
There is nothing nefarious about a VPN, and I am not sure why you are treating it like the addition of this feature is somehow wrong or illicit.

Can you point out where I have stated that VPNs are "nefarious", or anything similar?

VPN software is a cybersecurity risk. User's should throughly understand the risks, and should evaluate the risks and vet the software vendor as best they can.

As I've stated earlier, I use Apple's built-in IPSEC VPN. While I would rather that Apple open-source this so that it can be vetted by security researchers, I am "bought in" enough to the Apple infrastructure (as I assume most here are) that I do trust Apple with this functionality.

I have in the past also used OpenVPN. OpenVPN is open-source, and can be examined and poked-at. The app store release can be verified to have been built from published source. And as a developer, I can build it myself from source and install on my devices. While I don't currently have a need for an HTTPS VPN, if I have a need in the future, I will stick to OpenVPN.

I feel I've made "safer" choices.

I've marshalled several apps through the App Store approval process on behalf of clients. And so I'm well aware of the App Store rules. I've never had any rejection or delay or questions or concerns from Apple. This is because I've always urged strict compliance with both the letter and spirit of the App Store rules.

At the same time, I have encountered companies and individuals who have issue after issue getting their apps approved. In every case, it has been a matter of either trying to sneak something through that is not allowed, or not throughly reading the rules.

This one is a violation (as well as failure on the part of Apple to sufficiently test) on several fronts, IMO:

- it is "beta" or "early preview" functionality. That is in violation of App Store policy

2.2 Beta Testing
Demos, betas, and trial versions of your app don’t belong on the App Store – use TestFlight instead.

- This is major new functionality that is not adequately described. It would be easy to miss that half-sentence in the "what's new". Most users probably don't even know what a VPN is, and most probably would not have even read that half-sentence.

2.3 Accurate Metadata
Customers should know what they’re getting when they download or buy your app, so make sure your app description, screenshots, and previews accurately reflect the app’s core experience and remember to keep them up-to-date with new versions.

  • 2.3.1 Don’t include any hidden or undocumented features in your app; your app’s functionality should be clear to end-users and App Review.

A half-sentence mentioning "early preview of VPN" does not adequately disclose the new functionality. There are no screen shots showing VPN functionality. There is no text describing VPN functionality. There is some marketing material and some Q&A on the company's website, which you would have to proactively search for.

Additionally, publishers are expected to DRAW ATTENTION to new functionality in a note to Apple testers. It is not supposed to be a game of hide-and seek. Publishers who fail to do so run the risk of a nasty surprise later if/when Apple realizes that they've been punked by the publisher. It is GOOD INSURANCE to make certain that the Apple testers are aware of new functionality in order to avoid this risk. Not paying attention to this can risk having to give refunds (which COST PUBLISHERS MONEY on priced apps, because commissions are NOT rebated to the publisher) and risk business interruption.

Of course, I have no way of knowing if Ookla drew the reviewer's attention to the new functionality or not. What do you think, based on the available evidence?

- Apple failed to adequately test the app. There was an OBVIOUS flub in the first release with the VPN where the tabs at the bottom of the page were scrambled, and not one of them did what it says that it does. I suspect this was due in part to the "Christmas rush" and the desire on the part of testers to clear their plate. While it may be admirable that they did that, clearly they missed something quite obvious.

- The tabs were jumbled initially. VPN tab led to test results instead of VPN. What do you think is the probability that Apple actually tested the VPN part of it?

2.1 App Completeness
Submissions to App Review, including apps you make available for pre-order, should be final versions with all necessary metadata and fully functional URLs included; placeholder text, empty websites, and other temporary content should be scrubbed before submission. Make sure your app has been tested on-device for bugs and stability before you submit it, and include demo account info (and turn on your back-end service!)

Jumbled tabs = neither the vendor nor Apple adequately tested. The app release with the jumbled tabs should have been rejected. (It appears it may have been replaced the same day, but still the horse left the gate...)

Users discovered that they had to tap on the VPN tab to see results. Now those users are entrained to tap on the VPN tab. Many will not read or understand what is being offered there. And that's not their fault. They originally installed a speed test app. Not a VPN app.
 
Last edited:
There is zero, repeat zero, violation. The app is not forcing you to use the VPN feature. The use of the speed test feature works exactly like it always has. You have to basically opt in to use the VPN. You are acting as if they have tricked you into using it. They haven't. There is nothing about the introduction of this feature, in its current form, that is any kind of cyber security risk.

Can you point out where I have stated that VPNs are "nefarious", or anything similar?

VPN software is a cybersecurity risk. User's should throughly understand the risks, and should evaluate the risks and vet the software vendor as best they can.

As I've stated earlier, I use Apple's built-in IPSEC VPN. While I would rather that Apple open-source this so that it can be vetted by security researchers, I am "bought in" enough to the Apple infrastructure (as I assume most here are) that I do trust Apple with this functionality.

I have in the past also used OpenVPN. OpenVPN is open-source, and can be examined and poked-at. The app store release can be verified to have been built from published source. And as a developer, I can build it myself from source and install on my devices. While I don't currently have a need for an HTTPS VPN, if I have a need in the future, I will stick to OpenVPN.

I feel I've made "safer" choices.

I've marshalled several apps through the App Store approval process on behalf of clients. And so I'm well aware of the App Store rules. I've never had any rejection or delay or questions or concerns from Apple. This is because I've always urged strict compliance with both the letter and spirit of the App Store rules.

At the same time, I have encountered companies and individuals who have issue after issue getting their apps approved. In every case, it has been a matter of either trying to sneak something through that is not allowed, or not throughly reading the rules.

This one is a violation on several fronts, IMO:

- it is "beta" or "early preview" functionality. That is in violation of App Store policy



- This is major new functionality that is not adequately described. It would be easy to miss that half-sentence in the "what's new". Most users probably don't even know what a VPN is, and most probably would not have even read that half-sentence.


- Apple failed to adequately test the app. There was an OBVIOUS flub in the first release with the VPN where the tabs at the bottom of the page were scrambled, and not one of them did what it says that it does. I suspect this was due in part to the "Christmas rush" and the desire on the part of testers to clear their plate. While it may be admirable that they did that, clearly they missed something quite obvious.

- The tabs were jumbled initially. VPN tab led to test results instead of VPN. What do you think is the probability that Apple actually tested the VPN part of it?



Jumbled tabs = neither the vendor nor Apple adequately tested. The app release with the jumbled tabs should have been rejected. (It appears it may have been replaced the same day, but still the horse left the gate...)
 
This is major new functionality that is not adequately described. It would be easy to miss that half-sentence in the "what's new". Most users probably don't even know what a VPN is, and most probably would not have even read that half-sentence.

The way you are reacting about this you'd think that this functionality was been forced on all the users!

The perceived violation is all with you. There are real issues to fight, this ain't one of them!

If you think this is so evil then report them too Apple. Continuing to post here isn't going to make a scrap bit of difference to anyone.
[automerge]1577405557[/automerge]
 
Last edited by a moderator:
  • Like
Reactions: Super Spartan
They would have to select the tab, hit the toggle button, agree to allow the profile to be installed, and enter their password to allow it. That's quite a stretch to say users will turn it on without knowing.

We are not going to change your mind. That's fine. But at least others seeing this thread will have the ability to read different points of view.

I do think that some users will have turned this on without knowing what they have turned on.
 
  • Like
Reactions: Super Spartan
You really have an incredibly high opinion of yourself and you act like you've just discovered a major issue with iOS here! It's all very very laughable really.

You're the only one who has elevated this to such a high level. In reality it's a non-issue. Contact Apple and complain if it will make you feel better. Personally I don't think it'll make a scrap bit of difference. I once reported an app that was so blatantly ignoring the rules it wasn't funny. The app's still there today, still breaking the same rules.

So good luck with this!

Edit: The press beat you to it: https://www.coywolf.news/productivity/ookla-speedtest-vpn/ from December 17th

In fact, I came across multiple pages referencing this. So the cat was out the bag nearly 10 days or more ago. Response from Apple so far - nothing.
 
  • Like
Reactions: Super Spartan
The press beat you to it: https://www.coywolf.news/productivity/ookla-speedtest-vpn/ from December 17th

In fact, I came across multiple pages referencing this. So the cat was out the bag nearly 10 days or more ago.

Nope. No cats released from bags.

The closest any articles so far to uncovering these issues is a couple of comments re: "whether you want one or not", or "because, why not?". In other words, VERY gently exploring the topic of "what the heck is a VPN doing in a network speed test app"?

Yes, there are several articles in the press, no doubt as a result of Ookla's press release. Quite possibly the news articles so far are untouched by human hands, especially on a holiday week.

Nothing in that article or others points out the violations of the App Store policy. They are just parroting the press release.

More critical coverage will no doubt follow.

There is zero, repeat zero, violation.

You must not have read the same published App Store guidelines that I have. I cited several violations specifically a few posts back.
 
Last edited by a moderator:
Did it not occur to you that other people don't even see this as an issue? You seem to be the only person here who's just so gosh-darned emotional about this.

Despite your ascertain to the contrary, we have addressed the issue - we just don't think it's worth getting all upset about. I get you don't like that, but that's kinda tough.

Both myself and @Paco II know full well that you're not going to change your mind over this - I even suggested you reach out to Apple (for what it's worth). Please, do us both the decency of respecting that no matter how much you post, neither of us are going to be changing our minds either.

There, I've said my peace, and I'm now going to exit this thread as it no longer serves any purpose.

I wish you good luck in your communications with Apple. If they feel as strongly as you, then they will handle it accordingly. Ultimately it's their call, not yours, not mine, but theirs.
 
Last edited by a moderator:
  • Like
Reactions: Super Spartan
I guess I should have deleted my banking app when they added mobile check deposit functionality (by default...except that I had to give the app permission to access my camera) and then waited for Apple to force them to move it to a separate app.

I don't think that's the same.

Mobile check deposit actually has something to do with.... banking!

As well, I'd imagine they made a big hoopla about it, so it wasn't a surprise.

Up to you, of course, whether you keep or delete. While the app MAY be safe with the VPN feature disabled, I've deleted to "send a message".

The iPad (and iPhone) flakiness stopped when I uninstalled Speedtest and did a full reboot. That's two devices de-flaked by uninstalling this app.

YMMV.
 
Oh my god calm down everyone. It's in the notes. Use it or don't use it. It has no impact AT ALL on the speed testing bit of the app.

Or use another app.

"Snuck in" and "wooden horse" are such an over-reaction. How else would you propose they let you know about new features?
 
Actually, a VPN isn't completely unrelated to a speed test.

A lot of ISPs do "traffic shaping", which is prioritizing certain kinds of traffic over others. A few years ago there was a lot of speculation that Comcast was cheating on speedtests by detecting traffic that looked like bandwidth testing, and prioritizing it. This makes your connection appear faster than it would be normally. If you've ever had slow Internet but a fast Internet speed test, this could be the reason.

A VPN can help hide your traffic type from low-effort traffic shaping, and thus help prevent that kind of cheating.
 
  • Like
Reactions: maxjohnson2
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.