Apple’s iOS ecosystem continues to pose distinct challenges for VPN services, particularly due to potential data leaks affecting certain types of traffic. On Tuesday, Mullvad VPN—widely recognized for its strong privacy standards—announced a new solution aimed at addressing this issue. However, the company is allowing users to decide whether to enable it, as the fix may complicate the iOS update process.
Security concerns on iOS include vulnerabilities to leaks and LocalNet attacks, in which attackers imitate trusted nearby Wi-Fi networks, such as those found in cafes. While VPNs can mitigate these risks, doing so requires routing all app data through the VPN. Mullvad’s approach involves enabling an “includeAllNetworks” configuration to enforce this behavior.
Although Mullvad has long been aware of this method, it previously avoided implementing it due to compatibility issues with Apple’s update system. In some cases, this setup could trigger a loop where iOS repeatedly attempts to update the Mullvad app, potentially causing devices to freeze, restart, and retry the update continuously.
The company has now introduced a new setting that activates includeAllNetworks, effectively addressing the leak vulnerability. To prevent update-related issues, Mullvad has made the feature optional and added a safeguard mechanism. When an iOS update is detected, users will receive a notification advising them to temporarily disable the VPN or switch off the includeAllNetworks setting to avoid complications. A representative from Mullvad didn't immediately respond to a request for comment.
Details about the rollout of this feature remain unclear, but Mullvad indicates it will be available soon. The company also cautions that the workaround is not flawless and encourages iOS users to report any instances of device freezing or bricking during updates directly to Apple.
For users exploring VPN options, Mullvad continues to stand out for its focus on advanced privacy measures. The service has incorporated post-quantum encryption to safeguard against future quantum-based threats and has implemented protections against AI-driven traffic analysis. Priced at $5 per month, it remains an affordable choice for privacy-conscious users.
