{"id":36806,"date":"2022-08-18T09:30:47","date_gmt":"2022-08-18T13:30:47","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=36806"},"modified":"2025-06-30T14:20:58","modified_gmt":"2025-06-30T18:20:58","slug":"ios-vpns-are-broken","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/08\/18\/ios-vpns-are-broken\/","title":{"rendered":"iOS VPNs Are Broken"},"content":{"rendered":"

Tim Hardwick<\/a> (Hacker News<\/a>):<\/p>\n

Third-party VPNs made for iPhones and iPads routinely fail to route all network traffic through a secure tunnel after they have been turned on, something Apple has known about for years, a longtime security researcher has claimed (via ArsTechnica<\/a><\/em>).<\/p>

Writing on a continually updated blog post<\/a>, Michael Horowitz says that after testing multiple types of virtual private network (VPN) software on iOS devices, most appear to work fine at first, issuing the device a new public IP address and new DNS servers, and sending data to the VPN server. However, over time the VPN tunnel leaks data.<\/p><\/blockquote>\n

Both Proton and Horowitz say that toggling Airplane Mode does not work around the problem.<\/p>\n

Michael Horowitz<\/a>:<\/p>\n

It also seems that Apple has a level of trust that they do not deserve. Back in March 2020, Steve Gibson said<\/a> “… Apple’s going to fix this. I’m sure it’s already been fixed in-house. They’re probably moments away from pushing out a fix to this because it’s gotten a lot of attention in the industry … I imagine within a few days this’ll be fixed.” A slightly more skeptical John Dunn of Sophos wrote<\/a> at the time that “A patch might not appear for weeks”. It has been over two years. <\/p>

I emailed Apple at their special email address for reporting security issues on May 19, 2022 and, for a week, there was no response. On May 26th, I emailed again and, this time, Apple responded the next day.<\/p>

[…]<\/p>

To date, roughly five weeks later, Apple has said virtually nothing to me. They have not said whether they tried to re-create the problem. They have not said whether they agree on this being a bug. They have not said anything about a fix.<\/p><\/blockquote>\n\n

Still no response or fix for the Mail bug<\/a> I and others reported nearly 3 years ago, where moving messages between mailboxes instead deletes them, even though it was widely reported.<\/p>\n\n

Previously:<\/p>\n