Removal of kill switch from our iOS app due to Apple IP leak issue

Releases By Juraj Hilje | By Viktor Vecsei | Posted on August 1, 2023

When using Apple services on iOS 16+, a VPN connection does not fully protect your privacy against Apple. Even with an active VPN connection and the kill switch enabled, traffic from your iOS 16+ device to Apple servers can leak outside the VPN tunnel and expose your local IP address to Apple. For this reason, we are removing the kill switch feature from the IVPN iOS app in the next release. Connections to non-Apple servers are not vulnerable to this leak, so the general privacy benefits of your VPN connection are unaffected.

Leak issue

During recent tests of Apple’s ‘includeAllNetworks’ feature, also known as kill switch, we found that the functionality is not working as expected, leading to some traffic leaking outside the VPN tunnel to Apple’s servers.

This means that, even when the VPN is connected, using Apple services such as Apple Maps or Apple Push Notifications may result in traffic bypassing the VPN tunnel, so the Apple servers receiving that traffic can see the user’s local IP address.

Background

The iOS VPN bypass issue was initially discovered in iOS 13.3.1. To resolve the problem, Apple introduced the ‘includeAllNetworks’ feature in iOS 14+, which was designed to force all network traffic through the VPN tunnel.

Recent tests conducted by security researchers revealed that on iOS 16.1+ devices, network traffic to Apple’s servers still leaks outside the VPN tunnel, even when ‘includeAllNetworks’ is enabled.
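One way to check a capture for the leak described above, as an added example that is not IVPN's code or test method: it flags outbound flows that reached a public address over any interface other than the tunnel. The flow records, the interface names (`en0`, `utun3`) and the VPN endpoint address are constructed assumptions. 17.0.0.0/8 is the IPv4 block registered to Apple, and Apple services can also use addresses outside it, so the label is only a hint.

```python
import ipaddress
from collections import namedtuple

# One record per outbound flow seen in a capture: egress interface, destination IP.
Flow = namedtuple("Flow", "iface dst")

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # IPv4 block registered to Apple


def find_leaks(flows, tunnel_iface, vpn_endpoint):
    """Return (flow, label) for flows that reached a public host outside the tunnel."""
    endpoint = ipaddress.ip_address(vpn_endpoint)
    leaks = []
    for flow in flows:
        dst = ipaddress.ip_address(flow.dst)
        if flow.iface == tunnel_iface:
            continue  # carried inside the VPN tunnel
        if dst == endpoint:
            continue  # the encrypted VPN transport itself
        if dst.is_private or dst.is_link_local or dst.is_multicast:
            continue  # LAN traffic (gateway, mDNS) does not reach a remote server
        leaks.append((flow, "apple" if dst in APPLE_NET else "other"))
    return leaks


# Constructed sample: hypothetical interface names and addresses, not real capture data.
SAMPLE = [
    Flow("utun3", "198.51.100.7"),   # ordinary traffic inside the tunnel
    Flow("en0", "203.0.113.10"),     # VPN transport to the (assumed) endpoint
    Flow("en0", "192.168.1.1"),      # local gateway
    Flow("en0", "224.0.0.251"),      # mDNS multicast
    Flow("en0", "17.57.144.20"),     # Apple block, outside the tunnel: leak
    Flow("utun3", "17.253.1.1"),     # Apple block, inside the tunnel: fine
    Flow("en0", "17.248.0.5"),       # Apple block, outside the tunnel: leak
]

if __name__ == "__main__":
    for flow, label in find_leaks(SAMPLE, "utun3", "203.0.113.10"):
        print(f"LEAK via {flow.iface} -> {flow.dst} ({label})")
```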

Next steps by IVPN

In our next iOS app release, we will remove the kill switch feature for iOS 16+ devices. This step is required to avoid providing a false sense of security to customers.

The feature will continue to be available for iOS 15 devices, as we have confirmed that ‘includeAllNetworks’ works effectively on those devices.

Further, we are filing a bug report with Apple and will closely monitor this issue in future iOS versions.
