Force all app traffic into the tunnel

Privacy App Security 

A year ago, we wrote about how bugs in Apple's networking stack are preventing the iOS app from being as secure as possible. The bugs are still there, but we have secured our app anyway.

The Problem

Due to the intricacies of Apple's NetworkExtension framework, we have been stuck with a VPN app that we knew would leak traffic in some circumstances on iOS. There is a known fix for this, but it comes with significant downsides, the biggest one being the way it breaks app updates: the user gets stuck in a broken update loop.

  • AppStore determines it should update our app
  • iOS bricks the networking stack whilst trying to update the app
  • User reboots phone
  • Phone can reach the internet again
  • AppStore determines it should update our app
  • iOS bricks the networking stack whilst trying to update the app

The workaround

We have decided that we are not going to wait anymore and we would like to offer our users the best possible privacy and security, even if it comes with major UX limitations.

With more users experiencing these limitations first hand we also increase the likelihood that the issue will be resolved upstream.

Thus, soon we will be releasing a new version of the iOS app that will contain a feature called Force all apps. Under the hood, enabling this feature sets the includeAllNetworks configuration option to true. We have tried to make sure that users who enable the feature do so deliberately, without making them jump through too many hoops. The phone can still enter the broken update loop, but now users should receive a notification about a new version being available before the app gets auto-updated.
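As an added illustration (not Mullvad's own code), this is what flipping that option looks like against Apple's NetworkExtension API: the tunnel configuration is loaded from preferences, `includeAllNetworks` on its `NEVPNProtocol` subclass is set, and the configuration is saved back. It assumes the app owns exactly one tunnel configuration; the helper name and error domain are hypothetical.

```swift
import NetworkExtension

/// Hypothetical helper (not from the original post): enable or disable the
/// "Force all apps" behaviour by setting includeAllNetworks on the app's
/// existing tunnel configuration and persisting it.
func setForceAllApps(_ enabled: Bool, completion: @escaping (Error?) -> Void) {
    NETunnelProviderManager.loadAllFromPreferences { managers, loadError in
        if let loadError = loadError {
            completion(loadError)
            return
        }
        // Assumption: the app owns exactly one tunnel configuration.
        guard let manager = managers?.first,
              let proto = manager.protocolConfiguration as? NETunnelProviderProtocol else {
            completion(NSError(domain: "ForceAllApps", code: 1,
                               userInfo: [NSLocalizedDescriptionKey: "no tunnel configuration found"]))
            return
        }
        // includeAllNetworks is the option that routes traffic from every app
        // through the tunnel (and blocks it when the tunnel is down). It exists
        // from iOS 14 onwards, so guard the assignment.
        if #available(iOS 14.0, *) {
            proto.includeAllNetworks = enabled
        }
        manager.protocolConfiguration = proto
        manager.saveToPreferences { saveError in
            completion(saveError)
        }
    }
}

/// Reads back the persisted flag, e.g. to show the user whether the update
/// precautions described in this post currently apply to them.
func isForceAllAppsEnabled(completion: @escaping (Bool) -> Void) {
    NETunnelProviderManager.loadAllFromPreferences { managers, _ in
        guard #available(iOS 14.0, *),
              let proto = managers?.first?.protocolConfiguration else {
            completion(false)
            return
        }
        completion(proto.includeAllNetworks)
    }
}
```

Because the flag lives in the saved configuration rather than in the running tunnel, it survives an app update; that is why the post recommends either disconnecting or explicitly disabling the feature before the update runs.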

Updating the app

You must use one of these methods to avoid getting stuck in an update loop.

  • Disconnect the VPN while the app is updated.
    App will not reconnect automatically after it is updated, but Force all apps will remain enabled.
  • Disable Force all apps while the app is updated.
    App will reconnect automatically after it is updated, but Force all apps will have to be re-enabled manually.

In both cases, your traffic will leak during the update process - we do not believe there is a workaround for this.

We do, however, expect that a minority of our users using this feature will end up with a broken networking stack, and unfortunately there is not much we can do about it. If you've been affected by this, we can only encourage you to capture the anguish and express it as a feedback report to Apple.

As for the bug where, with includeAllNetworks enabled, our tunnel process cannot bind sockets to the tunnel device: that is still there and it is still an issue. As such, our workaround of using userspace networking will remain in place.