Yet another critical VPN-related bug found in iOS 16
It’s the second data leak reported in just a few months
It was sometime in May when a security expert first revealed that iPhone VPN apps were leaking users' data, claiming that Apple wasn’t doing anything to fix it.
Now, only a few months later, another major issue has been found when using VPN software on iOS. In this instance, some of people’s most sensitive information is in real danger.
Another expert has recently discovered that many Apple apps, including Health and Wallet, send users' private data outside an active VPN tunnel.
However, the best VPN services are not the ones to blame here.
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet. We used @ProtonVPN and #Wireshark. Details in the video: #CyberSecurity #Privacy pic.twitter.com/ReUmfa67ln (October 12, 2022)
Apple apps bypass VPN encryption
“We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests,” developer and security researcher Tommy Mysk tweeted on October 12.
Theoretically, when you connect to a secure VPN, your data is encrypted and passed through one of its international servers before it reaches its destination. This means that neither your ISP nor any other third party should be able to access this flow of information. Similarly, the websites you visit won’t be able to determine your real IP address or any other identifying details.
Mysk ran a few tests on iOS 16 with both Proton VPN and Wireshark active. To his dismay, he and his team found out that many Apple apps actually ignore the VPN tunnel and exchange data directly with Apple servers.
What’s worse, the applications leaking data are actually those managing the most private and sensitive information. These are Health, Wallet, Apple Store, Clips, Files, Find My, Maps and Settings.
Talking about the reasons behind this bug, Mysk seems to believe that Apple does so intentionally.
“There are services on the iPhone that require frequent contact with Apple servers, such as Find My and Push Notifications. However, I don’t see an issue of tunneling this traffic in the VPN connection. The traffic is encrypted anyways,” he told 9to5Mac, adding that they didn’t expect such an amount of traffic to be exposed.
Not just iOS VPN
As Mysk confirms during his testing, iPhone and iPad users are not the only ones risking their privacy.
“I know what you’re asking yourself and the answer is YES. Android communicates with Google services outside an active VPN connection, even with the options Always-on and Block Connections without VPN,” he said.
Just a few days ago we reported on Mullvad VPN’s findings, made during its last security audit, that Android devices are quietly undermining VPN services.
Here, Android VPNs expose users' data while performing connectivity checks when accessing some Wi-Fi networks.
The VPN provider asked Google to add an option to opt out of these checks when the VPN is active, but the tech giant believes there’s no need for this. This is why Mullvad is now pushing for at least changing the “misleading” description of its VPN-related features.
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life, wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com