And yet that is exactly how the App Store process works and always has. You ask for an additional entitlement (without it, you can't use the API), and App Review presumably applies extra scrutiny.
AFAIK, entitlements for iOS apps only allow them to do what the app wants to do for itself without affecting other apps. What you and others are suggesting is to create entitlements that are system-wide. Again, this is not a good idea IMHO.

macOS's security model no longer looks like that. It relies heavily on mechanisms such as TCC and sandboxing, which apply even if you aren't root. The notion that a non-root app should feel free to muck around with your entire home directory was fine in the 1970s but isn't today.
It is enhanced, but fundamentally it is still based on user account rights. A user with root access can terminate processes of other users. Actually, since the 70s, Unix has been enforcing these rights (e.g. root vs normal users), as it was designed with multi-user access in mind. It is the normal personal computer OSes, e.g. Apple II, MS-DOS, Windows 95, that give full access. And look what happened when Internet access became prevalent. OS folks learn from these mistakes. That is how OSes evolved into what they are today.

iOS has root just like macOS does.
And your point being? I said that iOS does not have the concept of user accounts and I meant it for users using iOS devices. I think you know what I meant. Nice redirection.

It's not relevant. Open-source VPN apps for iOS exist if that's your concern.
Netfilter, as I explained it, is a sub-system of Linux. It is not an app. Not sure if you understood what I wrote. FYI, iOS is based off the Darwin kernel, which is also open-sourced. I'm not sure why you even mention open-sourced VPN apps. Scratching my head here.

And Apple disagrees and offers broader use cases for VPNs.

I'm not sure why some of you keep arguing this since it's the entire premise of this article. If you think VPNs should only be for giving access to private resources, that's fine. Connect to the VPN, you get access. Disconnect, the routes get removed and existing connections won't work any more. This discussion is not about that.
What did Apple disagree with, in your opinion? Apple only provides APIs for developers to implement their VPN protocols. That's about it. I don't think Apple has any stance on how you make use of the VPN services.

Disconnecting existing connections willy-nilly may have bad consequences for existing apps, and I'm saying that allowing just about any app to be able to do that is bad. So far I do not see any argument indicating how this is not going to be exploited. Do you have any?

And I said I think the entire episode is making a mountain out of a molehill.

There is a privacy aspect in that it obscures your original location.
I don't think you understand what I explained to you in my previous post. By using a VPN service, all you are doing is transferring the knowledge of your location from your ISP to your VPN service provider. How is that obscuring your original location? If the argument is obscuring from your ISP, it is silly. Your ISP already knows where you are.
 
Ah, well that probably explains why on my last trip to *cough* a country that shall remain unnamed, but where the Fruit company has many things manufactured *cough* my VPN went tits up and I was unable to use my favourite search engine.

FFS Apple!
It doesn’t explain that!
 
I remember this getting reported on a couple years ago, and never getting an update. I just assumed it had been fixed.

I’m so glad my privacy has been compromised for the last 2.5 years and still is being compromised while Apple knows about it and does nothing about it.
Hey relax, Apple is the company that cares about your "privacy" and "security" more than any other company in the world. We absolutely need to keep side loading out, and the walled garden in, so that we are all safe from those nasty outsiders who would corrupt your phone. If you don't believe me, just listen to all the fans on this forum that will tell you every time Europe proposes a new law :D
 
Does anybody know if this bug only affects 3rd party VPN solutions or also the iOS solution which may be configured in the Settings app? I did read the blog post, but this wasn't answered satisfactorily.
 
Classic Bait & Switch.
Bait with notions of privacy, safety, and no ads.
And look at what we get now.
 
I get the feeling corporate users of VPNs will be getting their lawyers to look over the T&Cs of the VPNs because they would have been paying for a service which is supposed to protect their clients' privacy and security, but due to an iOS bug this is not the case. How many VPNs have told customers about the iOS bug that leaks network traffic? There could be many lawsuits against VPNs in the pipeline.
 
I get the feeling corporate users of VPNs will be getting their lawyers to look over the T&Cs of the VPNs because they would have been paying for a service which is supposed to protect their clients' privacy and security, but due to an iOS bug this is not the case. How many VPNs have told customers about the iOS bug that leaks network traffic? There could be many lawsuits against VPNs in the pipeline.

What corporate users mainly care about is a different scenario: you connect to the VPN, and gain access to corporate resources; you disconnect, and lose that access. Presumably, this does work correctly.

It's the opposite that supposedly doesn't work reliably: killing existing connections when connecting to a VPN. This isn't as important a scenario for corporate use. (It might still be desired by IT, such as to ensure all traffic can be inspected by them. But that's something Apple might frown upon anyway, and might not be particularly inclined to support.)
 
You know that the information leaving the VPN provider network will be equivalent to as if it’s leaving the device’s network provider? Using a VPN provider for Internet access only encrypts the data between device and VPN provider’s network. Once the data leaves the VPN provider network, if it’s not secured (e.g. with TLS 1.2) it’ll be in the clear.

How is using a VPN service for Internet access any more secure? It sure is slower, though, and battery life will be worse.
The difference is that my VPN server is in a different country. Again, in the UK the government has passed laws that allow for blanket surveillance, requiring ISPs to save domain names of every site visited, whether you are suspected of a crime or not. So when I use a VPN, I assume all that the government gets is a foreign IP address and a domain name that indicates it is a VPN, but that's it. Also, snooping is not just done by governments. Thus, I want Apple to provide maximum security and privacy. I am not a security expert - just paranoid. I've heard too many stories from friends who have survived authoritarian regimes. :)
 
My understanding was that OS based was currently corporate only.
I am not aware of any that can be gotten via the App Store.

You can use a few built-in protocols (L2TP, IKE, and Cisco's variant of IKE), or you can install additional protocols via the App Store (e.g., OpenVPN). Neither is enterprise-specific, although MDMs (which are typically used in enterprise scenarios, but also, say, schools) add the ability to deploy a VPN config across multiple devices and manage that centrally.
 
I also question how many programs can ignore rules of the device. Reddit app for example has cellular data use turned off. Without fail, I'm out in a parking lot or large park, and suddenly my watch could buzz a notification of a thread I might be interested in, including graphic. How? Check for wifi connections... None established. Everything secured in the area. Nothing I've ever attempted to connect to. Maybe I'll just leave wifi off when leaving the house to confirm behavior, but always disturbing.
Heh.. I've been going back and forth about getting the Reddit app, but ultimately didn't. More so I just forgot about it, and use web to do that. Otherwise, most of my browsing is on a desktop computer.

On a related note, people in the past would just click "OK" for privacy dialog/popup windows. I have a feeling that sort of thing continues to this day on mobile... they DL an app, but don't bother reading the privacy statements and policies set forth in the mobile stores! :D :O
 
@bobcomer @chucker23n1

Okay - sounds more like terminology. My misunderstanding.
My use has been my general use VPN (ex: ProtonVPN) and the other for Remote Access (employer)
No prob. Remote access can work for connecting to your home and some enterprises might use a commercial VPN like ProtonVPN when in foreign countries. The concept is really versatile and can be used for multiple things.
 
What corporate users mainly care about is a different scenario: you connect to the VPN, and gain access to corporate resources; you disconnect, and lose that access. Presumably, this does work correctly.

It's the opposite that supposedly doesn't work reliably: killing existing connections when connecting to a VPN. This isn't as important a scenario for corporate use. (It might still be desired by IT, such as to ensure all traffic can be inspected by them. But that's something Apple might frown upon anyway, and might not be particularly inclined to support.)
I'd also add here that sometimes, corporations DON'T want all the traffic going through the VPN tunnel!

For example, say you have a home user who wishes to print to their own networked printer(s) while connected to the office via VPN. They'll need a "split tunnel" configuration that purposely routes traffic destined for their local network's IP address range outside the VPN tunnel.
 
I'd also add here that sometimes, corporations DON'T want all the traffic going through the VPN tunnel!

For example, say you have a home user who wishes to print to their own networked printer(s) while connected to the office via VPN. They'll need a "split tunnel" configuration that purposely routes traffic destined for their local network's IP address range outside the VPN tunnel.

True, but that’s easy enough, and I don’t think there’s any problem with that in iOS. DNS is a bit tricky, but routing is rather simple.
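
An added example, not part of any post in this thread: a small audit that separates the cases discussed above, namely flows that stay outside the tunnel by split-tunnel policy versus flows that leak because they were opened before the VPN connected and never torn down. The interface names, addresses and timestamps are constructed sample data, and the `Flow` record and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    dst: str          # remote IP address
    iface: str        # interface carrying the flow
    opened_at: float  # seconds, same clock as tunnel_up_at

def classify(flow, tunnel_iface, tunnel_up_at, split_tunnel_nets):
    """Return 'tunnel', 'split-tunnel', 'stale-leak' or 'new-leak'."""
    if flow.iface == tunnel_iface:
        return "tunnel"
    dst = ipaddress.ip_address(flow.dst)
    if any(dst in net for net in split_tunnel_nets):
        return "split-tunnel"  # deliberately routed outside the tunnel
    # Outside the tunnel and not excluded by policy: this is a leak.
    # A flow older than the tunnel is the "existing connection" case.
    return "stale-leak" if flow.opened_at < tunnel_up_at else "new-leak"

def audit(flows, tunnel_iface, tunnel_up_at, split_tunnel_cidrs):
    """Group flows by classification; CIDRs are the split-tunnel exclusions."""
    nets = [ipaddress.ip_network(c) for c in split_tunnel_cidrs]
    report = {}
    for f in flows:
        label = classify(f, tunnel_iface, tunnel_up_at, nets)
        report.setdefault(label, []).append(f)
    return report

# Constructed sample: the tunnel (assumed name "utun2") comes up at t=120.
SAMPLE = [
    Flow("203.0.113.10", "en0", 100.0),   # opened before the tunnel, still on Wi-Fi
    Flow("198.51.100.7", "utun2", 130.0),  # opened after, inside the tunnel
    Flow("192.168.1.50", "en0", 140.0),   # home printer on the local subnet
    Flow("203.0.113.99", "en0", 150.0),   # opened after, yet bypassing the tunnel
]

if __name__ == "__main__":
    result = audit(SAMPLE, "utun2", 120.0, ["192.168.1.0/24"])
    for label, flows in sorted(result.items()):
        print(label, [f.dst for f in flows])
```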
 