Closed rakleed closed 11 months ago
jurajhilje
commented
2 years ago This alert was implemented as a security improvement feature, as suggested by an independent auditor.
A malicious app or widget could be installed on the device and use the same URL scheme to disconnect IVPN users without their knowledge or consent, exposing the user to unsecured traffic.
rakleed
commented
2 years ago @jurajhilje none of the other VPN apps I've used (ProtonVPN, Surfshark, NordVPN) have an additional confirmation popup when connected via a widget.
How will a user be able to install a malicious app if apps are heavily moderated in the App Store? And other installation methods (AltStore, paid developer certificates, or JailBreak) seem to be used by less than 0.1% of users.
If you don't want to completely abandon this popup, can you then give the user the option to turn it off in the settings?
jurajhilje
commented
2 years ago @rakleed App Store is not 100% free of malicious apps. However, the chance for that is low. Having a toggle in the settings to turn off this alert popup sounds good to me.
jurajhilje
commented
11 months ago In Settings -> Advanced, now there is "Connect VPN from Widget alert" option, which is enabled by default. When disabled, there should be no prompt/alert when connecting or disconnecting VPN from the Widget.
jurajhilje
commented
11 months ago @gorkapernas Available for QA in 2.11.1 (1)
gorkapernas
commented
11 months ago Verified on 2.11.1 (3), a new option in "Advance" setting has been implemented which allows users to disable the widget connection/disconnection alert. Note: there was an issue where the app didn't disconnect from the VPN when the alert was disabled, but this has been resolved in the latest beta version. Tested on iPhone XR iOS 17.2 and iPad 10 iPadOS 17.1.1
Bug report
Describe your environment
Describe the problem
Steps to reproduce:
Observed Results:
Expected Results:
Relevant Code: