VPNs on iOS are “broken” and Apple doesn’t seem to be doing anything to fix it

iPhone and iPad VPNs have been allegedly leaking data for two years

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A leading security expert and blogger has claimed iOS VPNs are failing to secure users' data inside theVPNtunnel.

Data leaks have allegedly occured over the past two years, withAppleknowing about it but not acting to fix the bug on its latest iOS versions.

This might come as a shock for users looking to protect their online privacy with one of thebest iPhone VPNservices.

iOS VPN users at risk

“VPNs on iOS are broken,” wrote Michael Horowitz in ablog postwho has been updating since May 25.

He ran a total of four tests from his iPad, every time changing iOS version (15.4.1, 15.5 and 15.6), VPN provider (he tried withProtonVPN, OVPN andWindscribe),VPN protocol(IKEv2, WireGuard and OpenVPN) and server network.

Even though at first the VPNs all seem working, a deeper inspection revealed the same disappointing result: the software breached devices' IP address and other personal data. “Data leaves the iOS device outside of the VPN tunnel. This is not a classic/legacy DNS leak, it is a data leak,” he concludes.

Put it simply, iOS VPNs seem not to be able to kill existing sessions before establishing a secure connection. Exactly what you would expect from one of the mostsecure VPNservices.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Apple was aware of the bug since 2020

This vulnerability affecting iOS VPNs is sadly nothing new. Swiss-based security firm Proton firstreportedon it in 2020, claiming the data leak started at least in iOS 13.3.1.

Now, two years later and a few iOS updates after, Apple appears not to have managed to fix this risky bug yet.

At the time, Proton pointed out a few work-arounds to the problem. These are activating theAlways-on VPNoption - something that Proton suggests would not work on third-party apps - enabling thekill switchon your VPN app, and/or using theAirplane Modeto terminate all your existing connections.

Millions of free VPN user records leaked>Why VPN no longer has a place in a secure work environment>Our pick of the best VPN services around right now

However, Horowitz suggests that neither the kill switch option nor the Airplane Mode trick were successful when he tried them out during his tests.

“To date, roughly five weeks later, Apple has said virtually nothing to me,” he wrote on July 3, suggesting that for the silicon valley giant it would be really easy to run the same test and investigate the matter.

“At this point,I see no reason to trust any VPN on iOS. My suggestion would be to make the VPN connection using VPN client software in a router, rather than on an iOS device.”

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Is it still worth using Proton VPN Free?

Mozambique VPN usage soars as internet restrictions continue

MacBook Air OLED reportedly delayed until at least 2028 – here’s why