iOS/iPad OS VPN configuration storage

Hi


I have failed to find information about where and how the OS/system stores the VPN configurations (we have a PacketTunnel solution, if it matters), except for the sensitive parts which seems to be stored in the shared vpn keychain.


So how does the system store the other parts of the configurations? Is it safe? Reachable from other apps in any way?

Does the system handle configurations from profiles (mobileconfig) which targets our app/extension different from those made in our main app (regarding storage etc)?


Thanks for the help!

Accepted Reply

We do not, in general, document how the system stores information like this because it can change from release to release. I can answer the following because it’s about APIs:

Reachable from other apps in any way?

No. In general, apps can only ‘see’ VPN configurations that they are responsible for:

  • If you’re configuring Personal VPN, this means the configuration you create.

  • If you have a tunnel provider, this means any configurations you create and any configurations for your provider installed via a configuration profile.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

We do not, in general, document how the system stores information like this because it can change from release to release. I can answer the following because it’s about APIs:

Reachable from other apps in any way?

No. In general, apps can only ‘see’ VPN configurations that they are responsible for:

  • If you’re configuring Personal VPN, this means the configuration you create.

  • If you have a tunnel provider, this means any configurations you create and any configurations for your provider installed via a configuration profile.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks eskimo.


One more question; do you know if the configurations are encrypted (e.g. not only the sensistive parts which are stored in the keychain)? Our main concern is if it would be possible to access the configuration (rooted phone or so) and modify it..

do you know if the configurations are encrypted

I don’t know.

Our main concern is if it would be possible to access the configuration (rooted phone or so) and modify it.

Why is this a concern?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

My customer don't really want anyone to be able to alter them.. Not really sure why this is of great concern (since I don't really see any sensitive data that we store there..). Just thought it would be nice to be able to tell them if it is safe or not.


Thanks for the answers!