It was sometime in May when a security expert first revealed it iPhone-VPN The apps were leaking users’ data, claiming that Apple didn’t Do anything to fix it.
Now, only a few months later, another major problem has been found when using vpn program on iOS. In this case, some of the people’s most sensitive information is at real risk.
Another expert recently discovered that many Apple apps, including Health and Wallet, send users’ private data outside an active VPN tunnel.
However, the best vpn Services are not responsible here.
We confirm that iOS 16 is communicating with Apple services outside of an active VPN tunnel. Even worse, it leaks DNS requests. #Apple services that come out of the VPN connection include Health, Maps, and Wallet. We used ProtonVPN and #Wireshark. Details in the video: #CyberSecurity #Privacy pic.twitter.com/ReUmfa67lnOctober 12 2022
Apple apps bypass VPN encryption
“We confirm that iOS 16 is communicating with Apple services outside of an active VPN tunnel. Even worse, it is leaking DNS requests,” developer and security researcher Tommy Mysk tweeted on October 12.
Theoretically, when you connect to a file secure vpn, your data is encrypted and passed through one of its international servers before it reaches its destination. This means that neither your Internet Service Provider nor any third party should be able to access this flow of information. Likewise, the websites you visit will not be able to tell who you really are IP addresses or any other identifying details.
Mysk ran some tests on iOS 16 with both ProtonVPN And the Wireshark activation. To his dismay, he and his team discovered that many Apple apps actually ignore vpn tunnel and exchange data directly with Apple servers.
Even worse, the apps that leak data are actually the ones that manage the most private and sensitive information. These are Health, Wallet, Apple Store, Clips, Files, Find My, Maps, and Settings.
Speaking of the reasons behind this error, Myks seems to think that Apple is doing it on purpose.
“There are services on the iPhone that require frequent connection to Apple servers, such as Find My and Push Notifications. However, I don’t see a problem tunneling that traffic into the VPN connection. The traffic is encrypted anyway,” I told 9to5Mac (Opens in a new tab)They added that they did not expect to see so many visits.
Not only iOS VPN
As Mysk confirms during testing, iPhone and iPad users aren’t the only ones risking their privacy.
“I know what you are asking yourself and the answer is yes. Android communicates with Google services outside of an active VPN connection, even with the Always-on and Block Connections options without a VPN,” he said.
A few days ago, we reported Mulvad vpnFindings that Android devices Quietly undermining VPN services during her last security check.
over here, android vpn Expose users’ data during connection checks when accessing some Wi-Fi networks.
Google’s VPN provider has pledged to add the option to opt out of these checks when the VPN is active, but the big tech giant believes there’s no need for that. This is the reason why Mulvad is now pushing to achieve it at least Changing the “misleading” description of its VPN-related features.