While this is a bug that should get fixed you have to recall that for the initial intent of VPN this is not really an issue. A VPN was designed and intended to make your machine look like it's on another network in another location. Ex: you're at home or on a sales call in the field and need to use the server or printer in the office.
"privacy" companies have co-opted the VPN structure to route all your internet traffic through them as the "remote location", and may provide add-on features to make you feel more secure.
For the overwhelming majority of people, even if your traffic (likely https, or other SSL encrypted data) bypasses the VPN the only thing anyone between you and the server can see is that you are connecting to the server; the data itself is most likely still secure and private.

When you're "out and about" or in less than "pro privacy" locations a VPN will keep those snoopers from seeing what you're actually doing; but then again simply using a VPN may raise suspicions and investigation by the authorities.

VPNs aren't the magic panacea of privacy that those who sell them to you want you to believe they are unless you 100% trust the admins there to not be snooping on you for their own gains.

This is simply false. The initial point of VPN lies in its name; it's supposed to create a virtual private network. The main purpose of a VPN is to enable private IP addresses to be able to talk with each other, as private IP addresses are not routable on the public Internet.

If a company has 172.16.0.0/12 as their local subnet at work, and some employee needs to access internal resources when being outside the corporate network they would utilise a VPN to have an encrypted connection from their device to the firewall at their corporation, making it possible for said employee to reach resources within this private subnet which would otherwise be impossible.

And this is obviously going to be encrypted so you don't have data that would otherwise be local data within the corporation traverse the public internet for everyone to see.

Hiding your location was never the intent of a VPN. But VPN has evolved since its inception, and today it's often being used to not only route specific private subnets, but to route all traffic from a device, thus making it into a privacy tool and possible to be used to make it look like you are coming from a different IP address with a different geo-location.
At home, at least, invest in a router that lets you install a VPN on it instead of installing it on each device.
 
I don't read it like that, but it really doesn't matter that much. We just don't have enough info to place the blame squarely on the VPN's fault, or the OS. However, I expect the VPN guys to know about existing connections and what should be done about them. (it should actually be an option to either kill all connections, or let them be, as there really is a use case for keeping existing connections.)

What I would need to know, is if the OS's ip stack would allow a third party app to send a kill connection signal on other app connections, and this is where I suspect the problem is -- the VPN isn't being allowed to kill the connections. It sounds so like apple and their allowing their own app connections to bypass a VPN. I knew about the existing connections problem, but I actually have a bigger beef with what the IP stack doesn't pass thru, but that's a whole different discussion.
I believe you're right here. We have people on both sides of the coin wanting to place what they believe to be obvious blame. ArsTechnica could have gone more with a "this is Apple's fault" but I don't think that's completely proven. Is it possible? Oh definitely.

Meanwhile, the clash between those who think Apple is the very picture of evil and those who supposedly sell their soul to said evil continues.

One thing I am grateful for is security researchers keeping a check on this. I don't have time to packet sniff every little thing that leaves my device and make sure it is headed to where it is going. I do expect that to happen though.

Just re-reading the ArsTechnica article - trying to be as unbiased as possible - it does seem the article is blaming the VPN companies more than Apple. <shrug>.

But hey, "my dignity" is in question for not instantly blaming the completely evil and horrible Apple for everything and anything :). Good ole MR.
 
Nice to know Apple was faffing about with CSAM stuff while this vulnerability just sat there. Perhaps Apple should refund those of us who pay for VPN services? I live in the UK, where pretty much everybody, at every level of government, can gain access to your browsing history unless you use a VPN.

Better question — how many VPN vendors know about this and continued to sell you their products? Surely they tested their own products thoroughly and came to the same conclusion?
 
Never had an issue with this. iOS is rock solid and super-secure. Don't buy the FUD.
Do you use VPNs?
Have you tested for data leakage while using VPNs?
Have you reproduced the article's attestations?

Otherwise, respectfully, you are literally contributing to the FUD. If there's a real problem here (and there appears to be so) it behooves you to contribute to the signal, not the noise - I have no stick in this other than Apple refusing to acknowledge a problem that affects potentially everyone who uses VPNs on iOS.
Better question — how many VPN vendors know about this and continued to sell you their products? Surely they tested their own products thoroughly and came to the same conclusion?
I would imagine that if I were a VPN vendor and had a limited API to develop for an OS, that I would trust the OS to deliver the promise of routing accordingly. This isn't passing the buck -- it's not inherently any software developer's responsibility to test for flaws in the API stack.

Additionally this might have worked initially and degraded over time.

Not an excuse for either side of this argument, just a statement. ISVs do not inherently have any rights over the OS and must utilize the APIs provided.
 
I would imagine that if I were a VPN vendor and had a limited API to develop for an OS, that I would trust the OS to deliver the promise of routing accordingly. This isn't passing the buck -- it's not inherently any software developer's responsibility to test for flaws in the API stack.

Additionally this might have worked initially and degraded over time.

Not an excuse for either side of this argument, just a statement. ISVs do not inherently have any rights over the OS and must utilize the APIs provided.
I'll give you that. If I was an iOS developer - I would hope that the OS would have a call to terminate all connections and thus re-route or route all new connections from that point forward to the VPN instance my app created.

I would definitely expect the developer of a VPN to make sure to send out to the OS a "kill all connections" or "reroute" of sorts.

I can agree with you that I'd expect the OS to do the same thing once a VPN was established.

I haven't touched iOS development since swift came out so...
 
leave it to apple to screw up something as basic as vpn

I've been following this situation on a few forums, and it's debatable that Apple "screwed up VPN", really. The first thing people need to understand is that a VPN can be used for 2 completely different purposes. Some people use it as a method of accessing company resources behind a firewall. Others rely on it as a privacy tool, to hide all of their Internet traffic's true source location.

The iOS implementation of VPN works just fine for the former use-case, but maybe not so well for the latter.

From what I read from a couple of people who packet-sniffed the traffic to learn more about it? What they observed was that certain network connections coming from iOS itself and its services continued to communicate outside the VPN after the VPN was connected. (There was data going out on port 443 to both an Apple and a Microsoft server as well as a bit of traffic going to some high numbered ports to another Apple server.) On the other hand? Applications like "WhatsApp" that were started before the VPN was connected stopped showing up as communicating outside the VPN tunnel, after it was established.

It sounds to me like Apple purposely designed things so they're keeping some of their iOS traffic from traveling through a VPN connection (maybe things like FindMy, notifications, etc.). Beyond that? If people are seeing other apps not switching to using the VPN when it's connected, it could be bugs with how those applications handle changes in connection status? Obvious solution there is to make sure you connect your VPN *before* you launch your apps that need to securely communicate through it.
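A defender's check along the lines of the packet-sniffing described in this post, as an added example that is not from the thread: given constructed flow summaries and the moment the tunnel came up, it flags flows that still leave on the physical interface, separates connections that pre-date the tunnel from new ones, and excludes the tunnel's own transport to the VPN server and a LAN that a split-tunnel policy leaves outside. Interface names, addresses and timings are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed flow summaries, as a packet sniffer on the device might report them:
# (seconds since capture start, egress interface, destination IP, destination port).
# Interface names, addresses and timings are assumptions for this example.
SAMPLE_FLOWS = [
    (0.5, "en0",   "203.0.113.10", 443),    # before tunnel: physical interface expected
    (2.0, "en0",   "198.51.100.7", 443),    # before tunnel: a long-lived app connection
    (5.0, "utun0", "203.0.113.10", 443),    # after tunnel: inside the VPN, fine
    (6.0, "en0",   "198.51.100.7", 443),    # after tunnel: pre-existing flow still outside
    (7.5, "en0",   "203.0.113.44", 5223),   # after tunnel: brand-new flow outside
    (8.0, "en0",   "192.0.2.1",    51820),  # after tunnel: the tunnel's own transport
    (9.0, "en0",   "192.168.1.20", 9100),   # after tunnel: LAN printer, split-tunnel local
]
TUNNEL_UP_AT = 4.0                             # when the client reported "connected"
TUNNEL_IFACE = "utun0"                         # assumed tunnel interface name
VPN_SERVER = ip_address("192.0.2.1")           # assumed VPN endpoint
LOCAL_NETS = [ip_network("192.168.1.0/24")]    # assumed LAN deliberately left outside


def find_leaks(flows, tunnel_up_at, tunnel_iface, vpn_server, local_nets):
    """Return flows that bypass the tunnel after it came up, tagged by kind.

    Excluded: traffic on the tunnel interface, the encrypted transport to the
    VPN server, and local networks that are legitimately outside the tunnel.
    A (dst, port) already seen before tunnel-up is tagged "existing", i.e. a
    connection that survived the switch; anything else is tagged "new".
    """
    seen_before, leaks = set(), []
    for ts, iface, dst, port in flows:
        addr = ip_address(dst)
        if ts < tunnel_up_at:
            seen_before.add((dst, port))
            continue
        if iface == tunnel_iface or addr == vpn_server:
            continue
        if any(addr in net for net in local_nets):
            continue
        kind = "existing" if (dst, port) in seen_before else "new"
        leaks.append({"ts": ts, "iface": iface, "dst": dst, "port": port, "kind": kind})
    return leaks


def summarize(leaks):
    """Count leaks per kind: 'existing' points at connections not being torn
    down on connect, 'new' at traffic routed around the tunnel outright."""
    counts = {"existing": 0, "new": 0}
    for leak in leaks:
        counts[leak["kind"]] += 1
    return counts
```

Feeding it a real capture means mapping each packet to its egress interface first; an "existing" result matches the pre-existing-connection behaviour discussed in this thread, a "new" result points at routing around the tunnel.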
 
Yes.
Yes.
No.
It was an eye opener to me to use https://objective-see.org 's tools to see exactly what was going on in the background. So many apps (even name brand) making so many calls to seemingly random IPs constantly throughout the day... Just astounding. One app would send a call to several IPs every time I moved a mouse over it. lol.
 
You are wrong here. Apple has a policy to not allow fraudulent apps on its store right? It claims to vet every single app on the store for its legitimacy yes? This issue is affecting ALL VPNs from small ones to well established brands.
It allows VPNs because Apple full well knows it is its fault or by its design that they do not work correctly. And I don't know but I'll take a guess here that there are clauses in the contracts VPNs have with Apple to sell their services which prevent them from publicly calling out Apple.

So please do not just accuse other companies for something Apple is fully aware of and allows to happen daily, for over 2 years now. VPNs are working fine on other platforms. Apple are the ones at fault, not the VPN companies.
You pay a VPN company not Apple for the service. Apple is at fault for not fixing this problem. VPN companies are at fault for not disclosing that their products are compromised and putting customers at risk.
 
The main thing is I continue to trust iOS as the world's most advanced and secure operating system.
Your dignity!!! YOUR DIGNITY!!!!! ... <cries> Your.... dig...nity... /s. :p

While I agree that iOS / Mac OS is great - and I trust it a lot, I am glad security researchers are keeping them on their toes and calling out shortcomings when they see them.
 
You pay a VPN company not Apple for the service. Apple is at fault for not fixing this problem. VPN companies are at fault for not disclosing that their products are compromised and putting customers at risk.

My own experience today tells me you are wrong, because turning on and off the Airplane mode fixes my Nord VPN, so they work as expected, once you use a feature to fix Apple's bug.
My personal experience is that, I very often check my ip address while connected to expressvpn on my iphone. It always, always shows expressvpn's ip address, never shows my own.

On windows it is the same. However, recently expressvpn on windows sometimes shows my real ip address.....
 