s-s / dnscloak

iOS GUI and wrapper for dnscrypt-proxy 2
Mozilla Public License 2.0

[enhancement] Make DNS/VPN Truly Enforceable (Currently Not) #5

Open Jikodis opened 5 years ago

Jikodis commented 5 years ago

There is currently a very easy way to disable the DNSCloak VPN even if you have a passcode on the app and disable app uninstall. You just have to un-toggle "Connect On Demand" and the VPN shuts off. There is currently no way to stop this loophole and this might be Apple's intention in designing iOS.

The new feature request and proposal here is to either work around this easy loophole in some technical manner and make the DNS/VPN truly enforceable, or support the DNS Proxy (Supervised Only) setting in an iOS configuration profile which would enforce the DNS if I am understanding correctly (https://developer.apple.com/documentation/devicemanagement/dnsproxy).

privacy-advo commented 3 years ago

I strongly agree with Jikodis, and would love to enforce an always-on VPN.

iambenmitchell commented 3 years ago

This isn't possible on non-supervised devices

privacy-advo commented 3 years ago

Hi @MrBenFTW, a) Yes. As far as I know, that's the case. But why not use this ability to have an always-on VPN? Setting up a supervised device is easy.

b) How do VPN apps handle always-on? Some claim they provide always-on modes. ProtonVPN states: https://protonvpn.com/support/always-on-vpn/ "The Kill Switch feature is not supported on Android or iOS. Instead, the ProtonVPN apps on these operating systems protect their users’ data with the Always-on feature. With Always-on, if your device is disconnected from the VPN, the ProtonVPN application reestablishes a secure VPN connection swiftly and automatically. For your protection, the Always-on feature is permanently activated on the iOS app."

On the other hand: https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/ "UPDATE Oct. 19, 2020: Although Apple has not fixed the VPN bypass problem directly on iOS 14, they have provided the Kill Switch capability to app developers. By enabling Kill Switch, existing connections will be blocked whenever VPN is enabled. We will be adding this capability in an upcoming release of ProtonVPN."

============ There is a way.