There’s a bug that’s been in iOS since version 13.3.1 that prevents VPNs from encrypting all network traffic. This means that some connections to the internet can expose your location and IP address.
- The bug was disclosed by ProtonVPN.
- It has been present since at least iOS 13.3.1.
- Apple has been notified of the issue and is currently looking into a solution.
- No VPN company can provide a workaround, because iOS restrictions don’t allow a VPN app to stop existing network connections.
The bug was found by a security consultant in the Proton community and disclosed by ProtonVPN. When you connect to a VPN, your device stops all existing connections to the internet and reroutes them through the VPN. But with this bug, iOS doesn’t stop existing connections immediately.
Some connections are rerouted through the VPN, but others can persist outside of the encrypted “tunnel” for minutes or hours. One example given is Apple’s push notification system. This means that although you’re connected to an encrypted VPN, some data, such as your location and IP address, can still leak.
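
One way to check a device for this behaviour, as an added example that is not from ProtonVPN or the original article: given packets captured on the router the device sits behind, flag flows that keep going to non-VPN destinations after the tunnel comes up. The capture vantage point, the names `Packet` and `find_leaks`, and all sample addresses and ports are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    ts: float   # seconds since capture start
    src: str
    sport: int
    dst: str
    dport: int

def find_leaks(packets, device_ip, vpn_server_ip, vpn_up_ts):
    """Flows the device still sends outside the tunnel after the VPN came up."""
    first_seen, last_leak = {}, {}
    for p in sorted(packets, key=lambda p: p.ts):
        if p.src != device_ip:
            continue
        flow = (p.sport, p.dst, p.dport)
        first_seen.setdefault(flow, p.ts)
        # After the tunnel is up, only packets to the VPN server are inside it.
        if p.ts > vpn_up_ts and p.dst != vpn_server_ip:
            last_leak[flow] = p.ts
    report = [{
        "flow": flow,
        # True: opened before the VPN and never torn down (the behaviour described above).
        "pre_existing": first_seen[flow] < vpn_up_ts,
        "leaked_for_s": round(last - vpn_up_ts, 1),
    } for flow, last in last_leak.items()]
    return sorted(report, key=lambda r: r["leaked_for_s"], reverse=True)

# Constructed sample data (documentation address ranges, not a real capture).
DEVICE, VPN, VPN_UP = "192.168.1.20", "203.0.113.10", 60.0
SAMPLE = [
    Packet(5.0, DEVICE, 50001, "198.51.100.5", 5223),    # long-lived connection opened pre-VPN
    Packet(10.0, DEVICE, 50002, "198.51.100.7", 443),    # pre-VPN flow that goes quiet
    Packet(61.0, DEVICE, 50010, VPN, 443),               # tunnel traffic
    Packet(120.0, DEVICE, 50001, "198.51.100.5", 5223),  # same flow, still outside tunnel
    Packet(900.0, DEVICE, 50001, "198.51.100.5", 5223),
    Packet(905.0, DEVICE, 50010, VPN, 443),
]

if __name__ == "__main__":
    for row in find_leaks(SAMPLE, DEVICE, VPN, VPN_UP):
        print(row)
```

Running the same check on a capture taken after the Airplane Mode toggle should return an empty list if the lingering connections were actually closed.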
ProtonVPN did share a workaround, although it’s not a complete fix. Connect to any VPN server (the post mentions any ProtonVPN server, but presumably it works with any VPN). Then, turn on Airplane Mode to force-kill network connections. Last, turn off Airplane Mode. This should work, but there is no 100% guarantee.
The company also mentions another workaround, recommended by Apple: using Always-On VPN. This feature requires setting up your device with a device management tool like Apple Configurator. However, it still doesn’t stop the problem with third-party VPNs.