Closed rakleed closed 11 months ago
This alert was implemented as a security improvement feature, as suggested by an independent auditor.
A malicious app or widget could be installed on the device and use the same URL scheme to disconnect IVPN users without their knowledge or consent, exposing the user to unsecured traffic.
@jurajhilje none of the other VPN apps I've used (ProtonVPN, Surfshark, NordVPN) have an additional confirmation popup when connected via a widget.
How will a user be able to install a malicious app if apps are heavily moderated in the App Store? And other installation methods (AltStore, paid developer certificates, or JailBreak) seem to be used by less than 0.1% of users.
If you don't want to completely abandon this popup, can you then give the user the option to turn it off in the settings?
@rakleed App Store is not 100% free of malicious apps. However, the chance for that is low. Having a toggle in the settings to turn off this alert popup sounds good to me.
In Settings -> Advanced, now there is "Connect VPN from Widget alert" option, which is enabled by default. When disabled, there should be no prompt/alert when connecting or disconnecting VPN from the Widget.
@gorkapernas Available for QA in 2.11.1 (1)
Verified on 2.11.1 (3), a new option in "Advance" setting has been implemented which allows users to disable the widget connection/disconnection alert. Note: there was an issue where the app didn't disconnect from the VPN when the alert was disabled, but this has been resolved in the latest beta version. Tested on iPhone XR iOS 17.2 and iPad 10 iPadOS 17.1.1
Bug report
Describe your environment
Describe the problem
Steps to reproduce:
Observed Results:
Expected Results:
Relevant Code: