Network usage incorrectly attributed to VPN app

Question

appleDev_Swathi OP

Created Jun ’21

Replies 3

Boosts 0

Views 1.4k

Participants 4

Hello ,

In iOS devices, When using an app that provides a local VPN ( this VPN does not send traffic outside the device- makes some checks and packets reach the original destination) The data usage is incorrectly attributed to the VPN app as well as the app where the data has originated.

For example when playing a video on YouTube on cellular data with a VPN on : Settings app shows data consumed by YouTube consumption as 10MB and the VPN app consumption as an additional 8 MB. The data usage attributed to the apps is not constant and varies each time.

However the service provider shows for that session only 10 MB was used.

We tried this over different kinds of VPN both local and remote and the random data usage was attributed all VPN apps. During this experiments we had data turned off for all other apps as well

Is a fix for this on the map? Can the app developer do something so the data does not get attributed ?

Boost

Answer 1

DTS Engineer OP

Apple

Jun ’21

this VPN does not send traffic outside the device- makes some checks and packets reach the original destination

So, you know how Matt and I rattle on about not using iOS’s VPN infrastructure for stuff that isn’t VPN? Well, this is a perfect example of how that can go wrong. So, to reiterate…

IMPORTANT iOS’s VPN infrastructure — that is, Network Extension packet tunnel and app proxy providers — are intended to be used to provide VPN. Using them for other purposes — to track network traffic, or as a content filter, or to intercept DNS requests — is not supported by DTS. If you do this anyway, you will run into weird problems and DTS will not help you with them.

So, there’s two scenarios here:

You hit this problem solely with ‘local VPN’ — While you should feel free to file a bug about that, DTS will not be able to help you with it.
You hit this problem with an actual VPN client — Again, you’ll definitely want to file a bug about the problem, but in this case it’s probably worth opening a DTS tech support incident so that Matt or I can take a look at this in more detail.

If you do file a bug, please post your bug number, just for the record.

Finally, if you’re goal is to implement a content filter and you were previously blocked by the supervised device requirement, there’s been some progress on that front. See WWDC 2021 Session 10123 Meet the Screen Time API for the details.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1

Answer 2

appleDev_Swathi OP

Jun ’21

Thank you for your response. Our VPN is implemented using Apple's PacketProviderNetworkExtension. As per this network extension, iOS ensures that traffic is first tunnelled through this local VPN and then packets are routed to original destination. I can ensure that this is a valid case. We are hitting this problem with our local VPN and we are ablate reproduce this with some other local and remote VPN solutions.

I think in either case, your suggestion is to file a bug. Will do so, I can provide more details. Thanks for your time.

0

Answer 3

DTS Engineer OP

Apple

Jun ’21

iOS ensures that traffic is first tunnelled through this local VPN and then packets are routed to original destination.

Can you clarify what you mean by “local VPN” in this context? Earlier you wrote:

this VPN does not send traffic outside the device- makes some checks and packets reach the original destination

and that doesn’t match my definition of a VPN.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0