Tech UPTechnologyNot as good as it seems: using VPN apps...

Not as good as it seems: using VPN apps on iPhone could expose your information

Currently, many mobile device users access VPN applications to obtain benefits such as savings on online purchases, exclusive access to the catalog of streaming platforms and download applications that are not available in their country of origin, however, these apss could affect your iPhone .

In August, a researcher at found a major flaw in iOS VPN apps, and a second researcher has now demonstrated another major issue.

The first problem was that opening a VPN app should close all existing connections, but it didn’t. The second is that many Apple apps send private data out of the VPN tunnel, including Health and Wallet.

How VPN apps should work on iOS

Normally, when you connect to a website or other server, your data is first sent to your mobile data provider . They then forward it to the remote server. That means your ISP can see who you are and what sites and services you’re accessing, and it also puts you at risk from rogue Wi-Fi hotspots.

Instead, one sends the data in encrypted form to a secure server. Your data is protected from the mobile data provider. All they can see is that you are using a VPN.

Similarly, the websites and servers you access do not gain access to your IP address, location, or other identifying data.

Do not close existing connections

The moment a VPN application is activated, it should immediately close all existing (non-secure) data connections and then reopen them within the “secure tunnel”. This is an absolutely standard feature of any VPN service.

However, it found that not only did this not happen reliably, but they shut down all existing unsecured connections.

Many Apple apps are excluded from VPNs

Developer and security researcher Tommy Mysk, looking at what IP addresses were being accessed when a VPN was active, found that many Apple apps ignored the VPN tunnel and instead communicated directly with Apple servers.

“We confirmed that iOS 16 communicates with Apple services outside of an active VPN tunnel. Worse still, it filters requests for . Apple services that escape the VPN connection include Health, Maps, Wallet…”

This means that all data sent to and from these servers is at risk of eavesdropping by ISPs or hackers who perform man-in-the-middle attacks, using easy-to-create fake Wi-Fi hotspots.

The apps that leaked data were:

  • app store
  • clips
  • Records
  • find me
  • Health
  • maps
  • Settings
  • Wallet

Most or all of these applications handle extremely private information about iPhone users, ranging from health conditions to bank transactions.

On the other hand, Mysk also discovered that Android behaves in the same way with Google services.

“I know what you’re wondering, and the answer is YES. Android communicates with Google services outside of an active VPN connection, even with Always On and Block connections without VPN.”

The iPhone saves Apple's revenue, but not enough to completely rid the crisis

Despite having lower sales of its products and services, the company managed to have satisfactory results.

Apple confirms that all future iPhones will have USB-C input, but only in these...

After the European Union requested the unification of chargers to technology companies, the Cupertino company announced that it will set aside the Lighting entry.

If you are a Citibanamex user, do not update iOS16.1!

Multiple users reported receiving messages from the bank inviting them not to download the Apple operating system update.

Goodbye iPhone 14 Plus? Apple cuts production of this iPhone model

The research firm Trend Force notes that the production cost is 60% more expensive than the most expensive version.

22 years ago the iPod was launched, why did it disappear?

This iconic product stopped being produced this year, but 22 years after it was launched, it continues to be talked about.

More