An active VPN connection is not able to tunnel all data traffic in iOS and iPadOS. Certain traffic “required for essential system services” continues to take place outside of the VPN tunnel, Apple has now confirmed for the first time. This should ultimately ensure that iPhones and iPads “work properly”. Data traffic from apps from other developers may also run outside of the VPN tunnel, as Apple explains in new data protection notices on Virtual Private Networks. VPNs are only able to “steer certain network traffic”.
VPN providers warn of “bypass problem”
VPN apps and security researchers have warned for several years that Apple’s operating systems allow some connections outside the VPN tunnel, including connecting to Apple’s push messaging service. As a result, a user could unintentionally reveal his IP address.
According to providers of VPN services, this “VPN bypass problem” has existed for several years, the VPN app is simply not able to reliably close all connections in iOS and then re-establish them in a tunnel. There is a special kill switch function to terminate existing network connections, but even that does not ensure that all traffic actually runs through the VPN tunnel afterwards.
If developers require a specific connection type for their app, such as a cellular connection, then the app’s network traffic will be excluded from the “active VPN configuration,” Apple also writes. However, VPN providers should be able to prevent this type of forwarding of network traffic outside of the VPN tunnel. However, this does not apply to Apple’s in-house services. As examples of the system services excluded from VPN connections, the manufacturer cites the connections to the local router as well as “certain mobile phone services”, including the “Visual Voicemail” answering machine integrated in iOS.
Apple warns VPN caution
In the data protection declarations for VPN, Apple also warns its own customers to only use VPN services that they trust. After all, the VPN provider can “view, track and modify online activities. With the iCloud private relay, Apple operates its own service that is intended to hide the user’s IP address from websites and network operators. This protection no longer applies if a VPN connection is established, according to Apple.
(lbe)
