The VPN on Your iPhone May Leak Sensitive Information to Interested Parties
The VPN on Your iPhone May Leak Sensitive Information to Interested Parties GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO Opinion News > Internet & Security
Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Why Incognito Mode May Not Be Private and What You Can Do About It How to Fix a VPN That's Not Connecting What Is a VPN? How to Fake a GPS Location on Your Phone How to Browse the Web Anonymously How to Set Up a VPN on Mac How to Hide IP Address on iPhone The 5 Best VPN-Enabling Devices of 2022 How to Encrypt Data on an Android or iOS Device How to Fix It When Instagram Is Not Working How to Fix a Connection-Is-Not Private Error What Is IPSec? The Top 10 Internet Browsers for 2022 What Is a Public IP Address? (and How to Find Yours) What to Do on iPhone to Stop Government Spying How to Install TutuApp on iOS and Android Devices Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies
The VPN on Your iPhone May Leak Sensitive Information to Interested Parties
Just because it says it's safer doesn't mean it is
By Charlie Sorrel Charlie Sorrel Senior Tech Reporter Charlie Sorrel has been writing about technology, and its effects on society and the planet, for 13 years. lifewire's editorial guidelines Published on August 22, 2022 10:15AM EDT Fact checked by Jerri Ledford Fact checked by Jerri Ledford Western Kentucky University Gulf Coast Community College Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming A VPN is supposed to secure and hide all traffic to and from your computer. iOS sends some data outside the VPN. A bad VPN can be worse than no VPN. Dan Nelson / Unsplash.com That VPN you're using to protect all the traffic from your phone? It's probably leaking. If you look at a business person's iPhone, you'll see a little VPN icon in its status bar. A VPN is a Virtual Private Network, like a secure pipe that protects your data as it travels. This tunnel secures a connection to a corporate network, it may hide the content and destination of web traffic and messages for dissidents in hostile regimes, or it may just be a way to get American Netflix from outside the US. But security researcher Michael Horowitz has discovered that on iOS, these VPN pipes leak like the water pipes in a cheap New York hotel. "A VPN encrypts the traffic between any iOS device and the internet, and it also hides your device's IP address, making you invisible to the websites you visit," Hamza Hayat Khan of Ivacy VPN told Lifewire via email. "An operating system is supposed to close all existing internet connections and then establish them again through the secured VPN tunnel. That's how all the traffic would pass without being seen. But in the case of iOS, it doesn't end and restart all the existing connections."VPNs Are Broken
The idea of a VPN is that it routes 100% of your internet connections, encrypting them and obscuring them from any observers. They not only hide the actual data being sent and received, but they can also hide your location. Nobody can see anything along the way. Not your ISP, nobody. That's what makes them ideal for keeping corporate data safe when accessed by remote workers and for staying safe if you are worried about your government harming you. Some VPN apps may sell your data to third parties or may not encrypt your traffic, which could put your privacy at risk. The important part here is the '100%' part. VPNs are only useful if they route everything. Otherwise, why bother? "VPNs on iOS are broken. At first, they appear to work fine," Horowitz writes his blog post. "But, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks. Data leaves the iOS device outside of the VPN tunnel." The problem isn't limited to one vendor or service. Horowitz tested this on multiple services and found the same problem. The leak is in iOS itself, and it's not new. Proton VPN first reported the leak in March 2020. In answer to Proton's concerns, Apple added a "kill switch" that is supposed to block any internet traffic outside the VPN. This, says Proton, kind of works but still allows some data to leak.Dangers
What does this mean for you, the VPN user? Well, it depends on what you use it for. If all you're doing is using a VPN to stream video from another country, then no problem. You have nothing to lose if data leaks, other than Netflix or whoever, seeing where you really are. If that happens, you just quit the app and reconnect. Likewise, if you are using the VPN to protect your data in transit, when connecting to a corporate network, then you may also be ok. Proton says, "if you use Proton VPN while connected to public WiFi, your sensitive traffic still cannot be monitored." The problem here is one of trust. A VPN has one job; if it cannot do that job, how can you trust it? Prostock Studio / Getty Images One option is that you might reconsider using an iOS device altogether. According to Proton's updated blog post, the data that leaks through the kill switch is "DNS queries from Apple services." That could be enough to pinpoint you on a map using your IP address.Self Protection
"The only way to protect yourself from these leaks is to not use VPN apps or firewalls on your iOS device," data scientist Apurv Sibal told Lifewire via email. "iOS users can still use VPN apps to protect themselves from ads and trackers." VPNs are always difficult. You really have to vet them well because they are routing everything that leaves and enters your phone/computer. If you choose the wrong one, it could be worse than not using one at all. "However, it is important to note that not all VPN apps are created equal," says Sibal. "Some VPN apps may sell your data to third parties or may not encrypt your traffic, which could put your privacy at risk. When choosing a VPN app, be sure to do your research and select an app from a reputable provider."Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Why Incognito Mode May Not Be Private and What You Can Do About It How to Fix a VPN That's Not Connecting What Is a VPN? How to Fake a GPS Location on Your Phone How to Browse the Web Anonymously How to Set Up a VPN on Mac How to Hide IP Address on iPhone The 5 Best VPN-Enabling Devices of 2022 How to Encrypt Data on an Android or iOS Device How to Fix It When Instagram Is Not Working How to Fix a Connection-Is-Not Private Error What Is IPSec? The Top 10 Internet Browsers for 2022 What Is a Public IP Address? (and How to Find Yours) What to Do on iPhone to Stop Government Spying How to Install TutuApp on iOS and Android Devices Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies