ios-app icon indicating copy to clipboard operation
ios-app copied to clipboard

Published 20 hours ago verified publisher icon ivpn

When connecting through widget, popup appears to confirm connection

Open rakleed opened this issue 2 years ago • 3 comments

Bug report

Describe your environment

  • Device:
  • OS name and version: iOS 15.5
  • IVPN app version: 2.6.3 (8)

Describe the problem

Steps to reproduce:

  1. Add a widget to the widget screen
  2. Connect via the widget

Observed Results:

  • A pop-up appears to confirm the connection, which makes no sense because by clicking Connect on the widget, I already indicated that I want to connect to the VPN. This popup only makes it harder to connect to the VPN.

Expected Results:

  • VPN connection in progress.

Relevant Code:

rakleed avatar Jul 25 '22 03:07 rakleed

This alert was implemented as a security improvement feature, as suggested by an independent auditor.

A malicious app or widget could be installed on the device and use the same URL scheme to disconnect IVPN users without their knowledge or consent, exposing the user to unsecured traffic.

jurajhilje avatar Jul 25 '22 10:07 jurajhilje

@jurajhilje none of the other VPN apps I've used (ProtonVPN, Surfshark, NordVPN) have an additional confirmation popup when connected via a widget.

How will a user be able to install a malicious app if apps are heavily moderated in the App Store? And other installation methods (AltStore, paid developer certificates, or JailBreak) seem to be used by less than 0.1% of users.

If you don't want to completely abandon this popup, can you then give the user the option to turn it off in the settings?

rakleed avatar Jul 26 '22 23:07 rakleed

@rakleed App Store is not 100% free of malicious apps. However, the chance for that is low. Having a toggle in the settings to turn off this alert popup sounds good to me.

jurajhilje avatar Jul 27 '22 06:07 jurajhilje

Notes for QA

In Settings -> Advanced, now there is "Connect VPN from Widget alert" option, which is enabled by default. When disabled, there should be no prompt/alert when connecting or disconnecting VPN from the Widget.

jurajhilje avatar Nov 22 '23 14:11 jurajhilje

@gorkapernas Available for QA in 2.11.1 (1)

jurajhilje avatar Nov 27 '23 10:11 jurajhilje

Verified on 2.11.1 (3), a new option in "Advance" setting has been implemented which allows users to disable the widget connection/disconnection alert. Note: there was an issue where the app didn't disconnect from the VPN when the alert was disabled, but this has been resolved in the latest beta version. Tested on iPhone XR iOS 17.2 and iPad 10 iPadOS 17.1.1

gorkapernas avatar Nov 29 '23 10:11 gorkapernas