March 28, 2020

Using VPN in iOS 13.4 May Be Insecure

If you use VPN services on an iPhone or iPad, you should be aware that starting with iOS 13.3.1, the operating system does not allow VPNs to encrypt all traffic from the device. This bug was discovered recently by security experts from Bleeping Computer and, according to them, has not been fixed in iOS 13.4, which means VPN users are potentially at risk. While Apple is working on a solution to the problem, there is a way to restore encryption yourself.

Even if the VPN is working, this does not mean that the connection is secure.

New iOS bug

What is this bug? Typically, when you connect to a virtual private network (VPN), your device’s operating system closes all existing Internet connections and then re-establishes them through the VPN “tunnel”. In iOS 13.3.1 and later, however, the operating system does not do this: the VPN connects successfully, but connections that were already open remain active alongside it. The issue persists in the latest version, iOS 13.4.

Most connections are short-lived and will eventually be re-established through the VPN tunnel. However, some of them are long-lived and can remain open outside the VPN connection for anywhere from several minutes to several hours. In particular, this concerns push notifications, which still go through an unencrypted channel while the VPN is active.

Now in iOS, a VPN connection and a regular one can work in parallel

None of the VPN services can solve this problem on their own; it cannot be worked around without Apple's help. The only thing that can help so far is if your VPN service offers the “always use VPN” feature. In any case, Cupertino should release a new version of iOS with a fix. Until it does, there is an alternative solution to the problem.

How to enable VPN encryption in iOS 13.4

  • Connect to your VPN
  • Turn on airplane mode
  • Turn off airplane mode

Experts note, however, that this method does not have a full guarantee.

The iPhone will be reconnected to the Web and all connections will go through the VPN, although we cannot guarantee it 100%
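One way to check from outside the phone whether old connections are still bypassing the tunnel, as an added example that is not from the original article: capture the device's traffic on the Wi-Fi gateway and flag anything sent after the VPN came up that is not addressed to the VPN server. The function name, all addresses and ports, and the sample capture are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# One captured packet: time in seconds since capture start, addresses, destination port.
Packet = namedtuple("Packet", "ts src dst dport")

def find_leaks(packets, device_ip, vpn_server_ip, tunnel_up_ts, lan="192.168.1.0/24"):
    """Return {(dst, dport): (packet_count, last_seen_ts)} for packets the device
    sent after the tunnel came up to any Internet host other than the VPN server."""
    lan_net = ipaddress.ip_network(lan)
    leaks = {}
    for p in packets:
        if p.src != device_ip or p.ts < tunnel_up_ts:
            continue  # other hosts, or traffic from before the VPN connected
        dst = ipaddress.ip_address(p.dst)
        if p.dst == vpn_server_ip or dst in lan_net or dst.is_multicast:
            continue  # tunnel traffic and local-network chatter are expected
        count, _ = leaks.get((p.dst, p.dport), (0, 0.0))
        leaks[(p.dst, p.dport)] = (count + 1, p.ts)
    return leaks

# Constructed capture (documentation address ranges, not real hosts).
DEVICE, VPN_SERVER, PUSH_HOST = "192.168.1.23", "203.0.113.10", "198.51.100.7"
SAMPLE_CAPTURE = [
    Packet(0.0, DEVICE, PUSH_HOST, 5223),        # long-lived push connection opened pre-VPN
    Packet(1.0, DEVICE, "198.51.100.20", 443),   # short-lived connection, ends before VPN
    Packet(10.0, DEVICE, VPN_SERVER, 1194),      # VPN tunnel comes up
    Packet(12.0, DEVICE, VPN_SERVER, 1194),
    Packet(45.0, DEVICE, PUSH_HOST, 5223),       # old connection still outside the tunnel
    Packet(46.0, DEVICE, "192.168.1.1", 53),     # local traffic, ignored
    Packet(50.0, "192.168.1.40", "198.51.100.9", 443),  # another device, ignored
    Packet(300.0, DEVICE, PUSH_HOST, 5223),      # still leaking five minutes later
]

if __name__ == "__main__":
    for (dst, port), (n, last) in find_leaks(SAMPLE_CAPTURE, DEVICE, VPN_SERVER, 10.0).items():
        print(f"outside tunnel: {dst}:{port}  packets={n}  last seen at {last:.0f}s")
```

Running the same check on a capture started after the airplane-mode toggle shows whether the workaround took effect: an empty result means no traffic outside the tunnel was observed during that capture.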

A year and a half ago, independent experts conducted a study and found that many VPNs from the App Store are insecure. If the service is Chinese, then under the laws adopted in China, VPN providers must register with the government so that the competent authorities can supervise them. This, in turn, allows local authorities to carry out all kinds of checks, including analysis of user traffic passing through the providers' servers.

Also, many services violate generally accepted confidentiality rules, collecting data about users and passing it on to third parties. At the same time, half of all free VPN services are not equipped with any protective mechanisms and do not have an active support service ready to help users. With paid VPNs this is ruled out, since the developers are interested in users paying for the service.

However, it is precisely the vulnerable VPNs that are especially popular, since most of them are free. Obviously, this is how developers try to attract the maximum number of users who are not ready to pay for traffic encryption. As a result, those users not only fail to get the protection they wanted but, on the contrary, become victims of their own carelessness.