Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
VPNs for iOS Are Broken and Apple Knows It, Says Security Researcher
- Thread starter MacRumors
- Start date
- Sort by reaction score
Last time I used VPN on Android .... it was the Note 3 and an ASOP rom of ice cream sandwich (Pete's Bugless Beast). <cough>.
Companies use it to protect their secrets (e.g. corporate secrets, government info, etc.).
People in countries without freedom of speech use VPNs to enable them to truthfully give their thoughts about their government if it's negative.
So for the people who do torrent... I'm sure they do their due diligence when selecting a reliable VPN, but ironically enough, if anybody were to use this, they would've known it had issues since their ISP would've notified them, with warnings and reprimands!
It’s only garbage if it’s not for you. I’ve used both iPhone and an android phones and I would never willingly go to android if I have a choice. The only thing android has going for it is boatloads of customizations that you can’t get on iPhone but stability and how everything works it’s not even close. Add that to Google being in control of the operating system and yeah just no.
This being said if it works for you then go for it. It’s just not for me and obviously not for millions of people who would rather have an iPhone
Wouldn't this result in a possibility of denial of service attack for your phone?
No, that's the way TCP/IP is supposed to work. It's supposed to be able to handle such disconnects with ease.
If you have root access like in a Unix system, sure, you can terminate any connection you like. Giving any application in a mobile device the ability to terminate any connection is not a good thing. For one, this breaks the sandbox restriction.
Depending on the OEM Android is stable and I’d put privacy right up with iOS. When it comesd to VPN even ahead.
I run both.
Most of my experience with android phones has been with Samsung because they’re the most popular android phone at least in the USA. They are stable in the sense of the phone doesn’t crash but responsiveness when you click something is nowhere near iPhone and some applications just don’t seem to work as well. I think it’s gotten better but not quite there yet.
I wouldn’t consider any android phone running Google’s version of android private. Maybe private from bad guys trying to get your information but not private from your information being sold to advertisers or governments. Of course there are other versions of android but then you start losing some of the convenience. I think that might be the way to go if you’re really worried about privacy.
With Apple the only privacy protection you have is your information isn’t going to be sold to advertisers. That’s not because of any noble belief Tim Cook has but rather Apple isn’t into the advertising business like Google is. This could change and there’s been talk about it.
Why do people think VPNs increase privacy. People have watched way too many YouTube ads or YouTube content creators pitch VPNs as this miracle privacy solution. It does not increase your privacy and it could decrease it. You are preventing your ISP or cellular provider from reading your traffic but now that VPN provider can do it. I trust my cellular provider more than my VPN provider and I don’t trust my cellular provider at all when it comes to not selling my information.
Yeah. I cant try to forgive them on this one. Their lack of action is the worst part. If I was management of this company I would dedicate some serious time to stomping out these obvious quality control problems. It should become their top initiative.
Hey guys remember how much we praised Mac Os 10.5 (or something I cant remember) for being nothing but a refinement update? They cleaned everything up? Yeah... those were the days.
Yes of course that was implied here. But thanks for making it clear. Was matter of time before the Android Boyz arrived to gloat. Thanks for being polite about it.
I think think that Reddit recommendations are autogenerated based on your activity and then notifications are pre-scheduled to appear by the app, no connection needed. It could possibly be that that you're seeing.
From reading the article it only leaks data if you’ve previously established a connection before the VPN started.
So if you have booted your phone and started a VPN and never turned it off, it doesn’t leak right?
Do people turn on and off their VPN routinely? Maybe if you do that you have problems…
It’s seems just never turn your VPN off and it can’t happen.
So if you have booted your phone and started a VPN and never turned it off, it doesn’t leak right?
Do people turn on and off their VPN routinely? Maybe if you do that you have problems…
It’s seems just never turn your VPN off and it can’t happen.
Assuming the research is valid, this is so bad from a company that markets itself as focused on privacy.
If you want to see what ACTUAL experts are saying about this, I suggest reading this: https://news.ycombinator.com/item?id=32488308
Exactly, Privacy, Privacy, Privacy......what an absolute shambles, I guess it's true what they say; "Nothing is Private on the Internet" But this is typical of the arrogance that far too often comes from Apple.
I reported this to Apple in 2020. They seem to not understand and not care. There is also a bug where you will have strnage issues if your connectivity is spotty at the time you establish the VPN too.
Workarounds are needed.
Workarounds are needed.
Yep I already addressed that in a previous post just prior to the one you quoted. The Tor browser on iOS is ok, but it’s not fully baked Tor, and shouldn’t be assumed as such.
Using a vpn on a mobile is fine for non sensitive stuff. If you just want to stream from a different country or hide your activity from your isp to avoid them selling your data or them seeing you watch a bit of porn or something. The issue shown here won’t affect such, frankly, basic unimportant usage.
People suggesting that until this is fixed Apple is literally killing activists and journalists is hyperbole. Becuase these people sat in deepest darkest Russia or China are not sat messaging their whistleblowing secrets via a mobile OS. They are using a secure laptop system running Tor.
Last edited:
I understand what you are saying, but I cannot imagine this is not a security risk. It makes me wonder what information is being sent over the connections not taken over by the VPN.
Probably all of them, but my VPN vendor didn't say anything.
I would prefer solutions rather than workarounds. On eo fthe reasons I pay Apple's high prices is that I expect a level of privacy and security. If those are compromised, it devalues the Apple brand considerably for me.
I am pretty sure you are referring to actual reporters that don't share your view of the world. Are people reporters only if you agree with them?
Given the use case of a VPN to access work materials, I do not expect the OS to kill all connections when a VPN connection is established. I would like my existing connections to remain untouched when I connect to the company VPN.
When I use a VPN for privacy, I have different expectations. In this case I indeed expect the VPN to provide an option to kill all connections. But I wouldn't mind an option to not have this behavior. I use NordVPN, which claims that it does exactly this. Not sure if it actually does it of course.
I do not expect the OS to take car of the killing, because the OS cannot differentiate between the two use cases.
First there is this from the article "However, Proton admits that this is not guaranteed to work, while Horowitz claims Airplane mode is not reliable in itself, and should not be relied on as a solution to the problem." Second when did Nord notify you about this workaround?