iPhone feature supposed to provide security, secretly as leaky as a basket

Are you using iCloud Private Relay on your iPhone? Then keep in mind that sometimes that protective layer can behave strangely. In fact, research shows that a bug in the software allows the system to ignore the firewall. The result is a leaky system that continues to communicate with Apple servers in the meantime.

This is according to research by VPN service Mullvad. Private Relay is able to connect to Apple’s servers without regard to the imposed rules of a macOS firewall. This problem can only be solved by disabling the functionality in its entirety, according to the VPN service.

iPhone VPN leaky as a basket

Specifically, this involves so-called QUIC traffic, which leaves a computer outside the Private Relay tunnel. QUIC is a general purpose network protocol. So while Private Relay function of the Cupertino-based company is not used at such a time, it is the source of the problem here.

“We don’t know exactly what information is being sent to Apple at that time,” Mullvad says on its own website. “Since the destination is an Apple server, that sends a strong signal to your provider and local network.” Indeed, this may reveal that you are most likely a macOS user.

Private Relay on macOS

Although the Private Relay feature is often in the news in conjunction with the iPhone, the fact is that the VPN-like service is also available for other systems. Incidentally, the feature often disables itself when you add a rule to the firewall on macOS. So very reliable does not seem to be the case right now.

Private Relay is now only available to paying customers and is still in beta. So it may be that Apple fixes the problem before the service comes out of beta. It’s not clear if other devices are also affected by a leak. And because the information is encrypted, it’s also impossible to see what kind of data is being sent.