A new alert by security researchers is taking center stage regarding Apple apps on the iOS 16.
The report spoke in detail about how the apps are able to bypass VPN connections and communicate with external sources outside the tunnel.
As you can imagine, the news is not being taken too well by many who feel it’s a major security lapse.
In 2020, we saw ProtonVPN go public with a bug inside iOS 13 and it went on to dictate how it would stop VPNs from completely encrypting data. Hence, the IP addresses were getting exposed as was data. At the same time, it was getting rid of any existing network connections that got active after the user began using their VPN.
But then this year in August, we saw another security expert shed light on how the flaw was never eliminated and continues to exist on iOS devices.
He adds that it takes minimal time to make this take place again and the fact that such issues are so consistent means that Apple isn’t doing something about it. And then another similar report came by another security researcher who reported similar findings and set out alarm bells about how this is not okay as it was putting so many users at risk of having their data exposed.
Yesterday, Tommy Mysk went public with the results of a series of tests that he conducted, thanks to assistance from ProtonVPN and Wireshark. These were tools that could better analyze traffic coming into the network.
Some findings went as far as stating how DNA requests arising from Apple’s apps on the iOS 16 device were ignoring VPNs when generating responses back to Apple’s own servers. And common apps involved included the likes Clips, Files, Wallet, Settings, Find My, and Maps. And then there was a short discussion about how the same occurs with Google Services on Android devices.
Just the thought of Android communicating with Google outside the VPN tunnel activation is mind-blowing and the phone he used was a Pixel one that had Android 13 running across it.
While some of the Apple apps outlined make use of end-to-end encryption, others utilize factors like encryption in transit to carry out the deed. And when the data is being sent to the servers, the iCloud present on Apple manages to encrypt it. This format is stored with any encryption keys, the report adds.
But the main question is whether or not threat actors have the capability to gather the traffic coming through non-VPN sources seen on such apps. This may be done to get a lot more insight into the data or the user involved. But for now, this is not clear.
Seeing how big of a security and privacy lapse this could be on both Apple and Android devices is beyond concerning. And seeing the mighty alarm bells ringing could mean that both companies do realize it and are still continuing to do nothing about it. Hence, it’s more or less like a type of intended behavior.
So what’s the solution to this mega concern? Experts feel it’s time that we become aware of the matter and make sure top tech giants like Apple and Google do not end up leaking out the data through the VPN connection. This could be done thanks to the likes of VPNs found on Wi-Fi routers. And that’s because there is no way on the device to allow for such forced behavior.
We do hope that leading tech analysts get active soon and see how such matters can be resolved.
Read next: New Flaw Detected In Android’s ‘Always-On VPN’ Shows How The Feature Leaks Data
The report spoke in detail about how the apps are able to bypass VPN connections and communicate with external sources outside the tunnel.
As you can imagine, the news is not being taken too well by many who feel it’s a major security lapse.
In 2020, we saw ProtonVPN go public with a bug inside iOS 13 and it went on to dictate how it would stop VPNs from completely encrypting data. Hence, the IP addresses were getting exposed as was data. At the same time, it was getting rid of any existing network connections that got active after the user began using their VPN.
But then this year in August, we saw another security expert shed light on how the flaw was never eliminated and continues to exist on iOS devices.
He adds that it takes minimal time to make this take place again and the fact that such issues are so consistent means that Apple isn’t doing something about it. And then another similar report came by another security researcher who reported similar findings and set out alarm bells about how this is not okay as it was putting so many users at risk of having their data exposed.
Yesterday, Tommy Mysk went public with the results of a series of tests that he conducted, thanks to assistance from ProtonVPN and Wireshark. These were tools that could better analyze traffic coming into the network.
Some findings went as far as stating how DNA requests arising from Apple’s apps on the iOS 16 device were ignoring VPNs when generating responses back to Apple’s own servers. And common apps involved included the likes Clips, Files, Wallet, Settings, Find My, and Maps. And then there was a short discussion about how the same occurs with Google Services on Android devices.
Just the thought of Android communicating with Google outside the VPN tunnel activation is mind-blowing and the phone he used was a Pixel one that had Android 13 running across it.
While some of the Apple apps outlined make use of end-to-end encryption, others utilize factors like encryption in transit to carry out the deed. And when the data is being sent to the servers, the iCloud present on Apple manages to encrypt it. This format is stored with any encryption keys, the report adds.
But the main question is whether or not threat actors have the capability to gather the traffic coming through non-VPN sources seen on such apps. This may be done to get a lot more insight into the data or the user involved. But for now, this is not clear.
Seeing how big of a security and privacy lapse this could be on both Apple and Android devices is beyond concerning. And seeing the mighty alarm bells ringing could mean that both companies do realize it and are still continuing to do nothing about it. Hence, it’s more or less like a type of intended behavior.
So what’s the solution to this mega concern? Experts feel it’s time that we become aware of the matter and make sure top tech giants like Apple and Google do not end up leaking out the data through the VPN connection. This could be done thanks to the likes of VPNs found on Wi-Fi routers. And that’s because there is no way on the device to allow for such forced behavior.
We do hope that leading tech analysts get active soon and see how such matters can be resolved.
Read next: New Flaw Detected In Android’s ‘Always-On VPN’ Shows How The Feature Leaks Data
