UPDATE (April 7th 8:57AM PDT) VPN Bug Not Fixed
ProtonVPN has stated on Twitter that the latest iOS and iPadOS versions do not fix the VPN encryption bug outlined below. It remains unclear when Apple is going to patch it.
Apple has released iOS and iPadOS 13.4.1 to the general public with general bug fixes, but more importantly a fix for a security issue that left user data exposed via VPN’s.
Bleeping Computer reported that in iOS 13.3.1, Apple prevents VPNs from being fully encrypted exposing user data, saying in their reported;
Typically, when you connect to a virtual private network (VPN), the operating system of your device closes all existing Internet connections and then re-establishes them through the VPN tunnel.
A member of the Proton community discovered that in iOS version 13.3.1, the operating system does not close existing connections. (The issue also persists in the latest version, 13.4.) Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel.Bleeping Computer
ProtonVPN, a popular VPN app for the iPhone and iPad noted that Apple’s seucirty issue undermines their own ability to say they can secure user data, telling Bleeping Computer:
Those at highest risk because of this security flaw are people in countries where surveillance and civil rights abuses are common.
Neither ProtonVPN nor any other VPN service can provide a workaround for this issue because iOS does not permit a VPN app to kill existing network connections.Proton VPN Statement
Apple was noted of this bug earlier last year, the delay for a fix is unknown but it seems with millions working from home and relying on their iOS device, bringing this forward now is crucial.
iOS and iPadOS 13.4.1 are available now for download, you can head over to Settings- General- Software Update, or you can update via your Mac or Windows.