New Report Says iOS VPNs Don’t Work and Apple Knows It

Conducting business on mobile? Bad news: It turns out your iPhone or iPad isn't as secure as you thought.

iPhone owners’ internet activity might not be as safe as they think: A new report holds that a bug in the popular smartphone’s operating system prevents any and all VPNs from fully encrypting all traffic.

Worse, according to the report, is that Apple has known about the vulnerability since early 2020 and hasn’t yet acted to stop it.

The news of the flaw was first revealed by VPN service ProtonVPN in March 2020. So, what does it all mean for security-minded iPhone users?

What to Know

According to ProtonVPN’s 2020 warning, which was focused on iOS 13, iPhones or iPads that turned on a VPN would not close and then re-open all their connections. By failing to terminate all internet connections, the software would leave the device open to leaking unencrypted data.

Now, a new 7,000-word report from independent consultant Michael Horowitz explains that the same issue remains present in iOS 15.6 — indicating that Apple has sat on their hands regarding the issue for two full years and change.

The researcher breaks it down in a summary:

“VPNs on iOS are broken. At first, they appear to work fine. The iOS device gets a new public IP address and new DNS servers. Data is sent to the VPN server. But, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks. Data leaves the iOS device outside of the VPN tunnel. This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers.” – Michael Horowitz

It doesn’t matter how great the VPN service you’re using is if the device’s software itself won’t avoid VPN tunnel leaks.

Should You Avoid iOS Entirely to Stay Secure?

Horowitz is fully against using VPNs on iOS. Instead, he says, all VPN activity should be kept to a trusted router. In fact, he recommends keeping a second router around entirely for VPN connectivity.

Our top picks for VPN security remain NordVPN and Surfshark.

ProtonVPN was the provider to first ring the alarm bell about the iOS bug nearly two and a half years ago, and it happens to be a pretty good service on top of that: Our Tech.co testers have ranked them among our top most secure VPNs for a while now.

But the bottom line here is that iOS users should reconsider how secure their data actually is. And, since Apple has built its reputation in large part on keeping data private and security, this should be considered a big PR blow for the tech giant with a $2 trillion market cap.

Granted, security and privacy aren’t the only reasons why a VPN can be useful — our guide to the best iPhone VPNs ranks IPVanish VPN as the best for unblocking Netflix content — but as it stands, this iOS bug is a huge reason why the truly security-conscious will want to avoid the popular smartphone entirely.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals