iOS/iPad OS VPN configuration storage

App & System Services Networking
patrikk OP
Created Mar ’20
Replies 4
Boosts 0
Views 677
Participants 2

Hi


I have failed to find information about where and how the OS/system stores the VPN configurations (we have a PacketTunnel solution, if it matters), except for the sensitive parts which seems to be stored in the shared vpn keychain.


So how does the system store the other parts of the configurations? Is it safe? Reachable from other apps in any way?

Does the system handle configurations from profiles (mobileconfig) which targets our app/extension different from those made in our main app (regarding storage etc)?


Thanks for the help!

Answered by DTS Engineer in 410695022

We do not, in general, document how the system stores information like this because it can change from release to release. I can answer the following because it’s about APIs:

Reachable from other apps in any way?

No. In general, apps can only ‘see’ VPN configurations that they are responsible for:

  • If you’re configuring Personal VPN, this means the configuration you create.

  • If you have a tunnel provider, this means any configurations you create and any configurations for your provider installed via a configuration profile.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Replies  4
Boosts  0
Views  677
Participants  2
DTS Engineer OP
Apple
Mar ’20
Accepted Answer

We do not, in general, document how the system stores information like this because it can change from release to release. I can answer the following because it’s about APIs:

Reachable from other apps in any way?

No. In general, apps can only ‘see’ VPN configurations that they are responsible for:

  • If you’re configuring Personal VPN, this means the configuration you create.

  • If you have a tunnel provider, this means any configurations you create and any configurations for your provider installed via a configuration profile.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
patrikk OP
Mar ’20

Thanks eskimo.


One more question; do you know if the configurations are encrypted (e.g. not only the sensistive parts which are stored in the keychain)? Our main concern is if it would be possible to access the configuration (rooted phone or so) and modify it..

0
DTS Engineer OP
Apple
Mar ’20

do you know if the configurations are encrypted

I don’t know.

Our main concern is if it would be possible to access the configuration (rooted phone or so) and modify it.

Why is this a concern?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
patrikk OP
Mar ’20

My customer don't really want anyone to be able to alter them.. Not really sure why this is of great concern (since I don't really see any sensitive data that we store there..). Just thought it would be nice to be able to tell them if it is safe or not.


Thanks for the answers!

0
iOS/iPad OS VPN configuration storage
First post date Last post date
 
 
Q