In a discovery by VPN service Proton, it appears that iOS 13.4 comes with a security vulnerability that prevents data from being secured while using a VPN on your phone. According to Proton, the bug will not close existing unsecured connections while the VPN is active, thus allowing them to remain open and unsecured for minutes and hours while remaining outside of the VPN’s tunnel.
What’s worrying is that Proton claims to have discovered this bug dating back to iOS 13.3.1 and reached out to Apple to warn them about it. The company claims that Apple did acknowledge the issue, but oddly enough did not fix it, despite iOS 13.4 coming out nearly two months after the previous update.
Proton also claims that unfortunately, due to the way iOS has been designed where it does not allow VPNs to kill active connections, there doesn’t seem to be a workaround to the problem. Instead, users will need to do it manually on their end by launching their VPN, turning on AirPlane mode to kill off active connections, and then turning it back off.