In May, a security expert first revealed that iPhone VPN apps were leaking users'' information, claiming that Apple was not doing anything to prevent it.
Only a few months after the use of VPN software on iOS, another major issue has been discovered. In this instance, some of the most sensitive information is in real danger.
A new expert has discovered that many Apple apps, including Health and Wallet, provide users with personal information outside a hot VPN platform.
Despite the fact that there aren''t any VPN services to blame.
iOS 16 does communicate with Apple services outside an active VPN tunnel. Worst, it leaks DNS requests. #Apple services that exit the VPN connection include Health, Maps, and Wallet. We used @ProtonVPN and #Wireshark. Details in the video:#CyberSecurity #Privacy pic.twitter.com/ReUmfa67lnOctober 12, 2022
Apple apps bypass VPN encryption
"We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worst, it leaks DNS requests," said the developer and security researcher Tommy Mysk on October 12.
Theoretically, when you connect to a secure VPN, your data is encrypted and passed through one of its international servers before it reaches it destination. This means neither your ISP nor any other third party should be able to access this flow of information. Similarly, the websites you visit will not be able to define your real IP address or any other identifying details.
Both Proton VPN and Wireshark were on iOS 16. To his dismay, Mysk and his team discovered that many Apple apps ignore the VPN tunnel and exchange data directly with Apple servers.
What''s worse, the applications that are leaking data are actually those who manage most personal and sensitive information. These include: Health, Wallet, Apple Store, Clips, Files, Find My, Maps, and Settings.
Myks is assuming that Apple does this indefinitely when it comes to the reasons behind this bug.
Not just iOS VPN
While Mysk confirms during his testing, iPhone and iPad users are not the only ones who are at danger of their privacy.
"I''ve learned what you''re asking yourself, and the answer is yes," says Android outside an active VPN connection, even with the options Always-on and Block Connections without VPN.
During the last security audit, we discovered Mullvad VPN''s findings that Android devices are quietly undermining VPN services.
When you access several Wi-Fi connections, Android VPNs expose users'' information.