iPhone owners' internet activity might not be as safe as they think: A new report holds that a bug in the popular smartphone's operating system prevents any and all VPNs from fully encrypting all traffic.
Worse, according to the report, is that Apple has known about the vulnerability since early 2020 and hasn't yet acted to stop it.
The news of the flaw was first revealed by VPN service ProtonVPN in March 2020. So, what does it all mean for security-minded iPhone users?
What to Know
According to ProtonVPN's 2020 warning, which was focused on iOS 13, iPhones or iPads that turned on a VPN would not close and then re-open all their connections. By failing to terminate all internet connections, the software would leave the device open to leaking unencrypted data.
Now, a new 7,000-word report from independent consultant Michael Horowitz explains that the same issue remains present in iOS 15.6 — indicating that Apple has sat on their hands regarding the issue for two full years and change.
The researcher breaks it down in a summary:
“VPNs on iOS are broken. At first, they appear to work fine. The iOS device gets a new public IP address and new DNS servers. Data is sent to the VPN server. But, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks. Data leaves the iOS device outside of the VPN tunnel. This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers.” – Michael Horowitz
It doesn't matter how great the VPN service you're using is if the device's software itself won't avoid VPN tunnel leaks.
Should You Avoid iOS Entirely to Stay Secure?
Horowitz is fully against using VPNs on iOS. Instead, he says, all VPN activity should be kept to a trusted router. In fact, he recommends keeping a second router around entirely for VPN connectivity.
ProtonVPN was the provider to first ring the alarm bell about the iOS bug nearly two and a half years ago, and it happens to be a pretty good service on top of that: Our Tech.co testers have ranked them among our top most secure VPNs for a while now.
But the bottom line here is that iOS users should reconsider how secure their data actually is. And, since Apple has built its reputation in large part on keeping data private and security, this should be considered a big PR blow for the tech giant with a $2 trillion market cap.
Granted, security and privacy aren't the only reasons why a VPN can be useful — our guide to the best iPhone VPNs ranks IPVanish VPN as the best for unblocking Netflix content — but as it stands, this iOS bug is a huge reason why the truly security-conscious will want to avoid the popular smartphone entirely.