Mullvad VPN iOS Update Launches System-Wide Leak Protection

In the high-stakes world of digital privacy, the mobile operating system has long been the “weakest link” for anonymity seekers. While desktop environments allow for granular firewall controls and kernel-level traffic routing, Apple’s iOS has historically operated within a “walled garden” that prioritizes system stability and Apple’s proprietary services over absolute traffic isolation. On April 21, 2026, the iOS application of the privacy-focused provider Mullvad VPN received a landmark update designed to dismantle this status quo. With the introduction of the “Force all apps” feature, Mullvad has effectively declared war on the silent data leaks that have plagued iPhone users for over half a decade.
This update is not merely a cosmetic toggle; it is a fundamental shift in how the Mullvad VPN iOS client interacts with the Apple NetworkExtension framework. By leveraging the includeAllNetworks configuration—a setting Apple introduced as an optional “fix” but which most developers avoided due to its severe usability side effects—Mullvad is providing its users with an airtight system-wide kill switch. For the first time, “privacy purists” have a mechanism to ensure that not a single byte of data leaves their device unless it is encapsulated within an encrypted WireGuard tunnel.
The Anatomy of the Leak: Why iOS VPNs Were Traditionally “Broken”
To understand the significance of the “Force all apps” update, one must first revisit the technical controversy that has surrounded Apple’s networking stack since 2020. Security researchers, most notably Michael Horowitz and the team at Proton VPN, discovered that when a VPN is activated on iOS, the operating system does not automatically terminate existing data connections. Instead of all traffic being instantly rerouted through the new tunnel, many background processes—including Apple’s own services like Push Notifications, iCloud syncing, and Find My—continue to communicate over the unencrypted ISP or cellular connection.
The technical root of the problem lies in the Packet Tunnel Provider architecture. Historically, when a VPN tunnel is established, the OS is supposed to update the routing table. However, iOS often ignores these updates for “long-standing” sockets. This means that if you were downloading a file or syncing your mail before turning on your VPN, that specific stream of data would continue to “leak” outside the tunnel until the connection was manually reset. The common workaround—toggling Airplane Mode on and off to force a reconnection—was often unreliable and easily forgotten by the average user.
The Michael Horowitz Legacy and the “Scam” Narrative
By 2022, the situation had escalated to the point where Horowitz famously labeled VPNs on iOS a “scam.” His research, confirmed by Wireshark traces, showed that even with a VPN active, traffic to Amazon Web Services (AWS) and Apple’s own servers remained visible to the local network administrator. This was particularly dangerous for users in restrictive regimes where connecting to a known “Western” service could trigger surveillance flags. Mullvad VPN iOS users have long requested a definitive solution to this platform-level vulnerability, leading to the development of the “Force all apps” feature.
How “Force All Apps” Changes the Traffic Flow
The “Force all apps” feature utilizes a specific flag in the iOS Network Extension API called includeAllNetworks. When this Boolean value is set to true, the iOS networking stack undergoes a radical transformation. Instead of the “best-effort” routing typical of mobile VPNs, the system is instructed to route virtually all traffic through the tunnel interface. This includes:
- System-level traffic: Apple’s background services that previously bypassed the tunnel.
- Existing connections: Sockets that were open prior to the VPN being established are forcibly redirected or terminated.
- App Store and Update traffic: The very downloader used to maintain the device.
By enforcing this strict policy, Mullvad VPN iOS acts as a total gateway. If the VPN tunnel fails or is disconnected, the networking stack “fails closed,” preventing any data from escaping. This is the definition of a true system-wide kill switch, something that was previously only achievable via Mobile Device Management (MDM) profiles used by corporate enterprises.
The Conflict with Apple’s “Walled Garden” Services
Despite the security benefits, Apple’s official documentation for includeAllNetworks notes that the system still excludes certain critical traffic to maintain “expected device functionality.” These exclusions typically include:
- DHCP and Local Networking: Necessary for maintaining a basic connection to a Wi-Fi router.
- Captive Portal Negotiation: The screens used to sign into public Wi-Fi at hotels or airports.
- VoLTE (Voice over LTE): To ensure that emergency calls and standard cellular voice traffic are not interrupted by a VPN failure.
However, for the vast majority of application data, Mullvad’s implementation closes the gaps that have existed for years. By prioritizing strong encryption and leak protection, Mullvad is effectively stripping away the “convenience exemptions” that Apple built into the OS.
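The leak check behind the Wireshark findings above can be automated against the exclusions just listed. This is an added example, not code from Mullvad or from the original article. It classifies outbound flows seen in a capture taken at the Wi-Fi gateway; the tunnel endpoint, port and flow records are constructed placeholders, and only IPv4 is handled.

```python
import ipaddress
from collections import Counter

# Assumption: the WireGuard endpoint as seen from the gateway (placeholder values).
TUNNEL_ENDPOINT = ("198.51.100.7", 51820)

# Destinations treated as "local networking": RFC 1918, link-local,
# multicast and limited broadcast. Explicit list, so documentation
# ranges used in the sample below are not mistaken for private space.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]

# Constructed sample: (protocol, destination IP, destination port) per flow.
SAMPLE_FLOWS = [
    ("udp", "198.51.100.7", 51820),  # encapsulated WireGuard traffic
    ("udp", "255.255.255.255", 67),  # DHCP discover
    ("udp", "224.0.0.251", 5353),    # mDNS on the local segment
    ("tcp", "192.168.1.1", 80),      # router on the LAN
    ("tcp", "203.0.113.10", 5223),   # socket opened before the tunnel came up
    ("tcp", "203.0.113.44", 443),    # background sync outside the tunnel
    ("udp", "198.51.100.7", 53),     # tunnel host, wrong port: not the tunnel
]

def classify(proto, dst, port, endpoint=TUNNEL_ENDPOINT):
    """Return 'tunnel', 'dhcp', 'local' or 'leak' for one outbound flow."""
    if proto == "udp" and (dst, port) == endpoint:
        return "tunnel"
    if proto == "udp" and port in (67, 68):
        return "dhcp"
    ip = ipaddress.ip_address(dst)
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "leak"

def audit(flows, endpoint=TUNNEL_ENDPOINT):
    """Return (per-category counts, list of flows that bypass the tunnel)."""
    counts, leaks = Counter(), []
    for proto, dst, port in flows:
        verdict = classify(proto, dst, port, endpoint)
        counts[verdict] += 1
        if verdict == "leak":
            leaks.append((proto, dst, port))
    return counts, leaks

if __name__ == "__main__":
    counts, leaks = audit(SAMPLE_FLOWS)
    print(dict(counts))
    for flow in leaks:
        print("outside tunnel:", flow)
```

Captive-portal probes cannot be recognised from address and port alone, so they are reported as leaks here and need a manual look before being written off as an expected exclusion.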
The Price of Absolute Security: The “Update Loop” Deadlock
Mullvad is uniquely transparent about the “UX limitations” introduced by this new feature. The most significant drawback is a technical phenomenon known as the Connectivity Deadlock or “Update Loop.” Because the “Force all apps” setting tells the iPhone that nothing can reach the internet except through the Mullvad tunnel, a paradox occurs when the Mullvad app itself needs an update.
When the iOS App Store triggers an automatic update for the Mullvad VPN iOS client, it must first terminate the current version of the app to install the new one. As soon as the app process is terminated, the VPN tunnel collapses. With “Force all apps” active, the iOS networking stack immediately blocks all traffic, waiting for a VPN tunnel that no longer exists. The App Store downloader, now unable to reach the internet, cannot download the new version of the app to restore the tunnel. This leaves the user in a broken loop where the phone has no internet access until the device is rebooted or the VPN configuration is manually deleted.
Mullvad’s Philosophy: Privacy Over Convenience
In a bold move that separates them from competitors like NordVPN or ExpressVPN, Mullvad has decided to prioritize “absolute security for privacy purists” over seamless user experience. In their official release notes, the company stated: “We have decided that we are not going to wait anymore and we would like to offer our users the best possible privacy and security, even if it comes with major UX limitations.”
To mitigate this, the app now includes a proactive notification system. When a new version of the app is available, users receive a push notification (which is ironically one of the few services allowed to bypass the tunnel briefly) warning them to manually toggle the “Force all apps” setting off or to disconnect the VPN before proceeding with the update. While this adds friction to the user experience, it ensures that the user is always in control of when their traffic might potentially leak.
Technical Deep Dive: Userspace Networking and Socket Binding
Beyond the includeAllNetworks flag, the April 2026 update addresses deeper technical hurdles involving socket binding. Under the standard iOS VPN implementation, the VPN “tunnel process” (a separate background process from the UI app) attempts to bind its own communication sockets to the tunnel interface. However, when includeAllNetworks is enabled, this binding process often fails because the system prevents the VPN from “talking to itself” through the very tunnel it is creating.
To solve this, Mullvad VPN iOS utilizes a custom userspace networking stack. Instead of relying purely on the kernel’s internal routing, the app processes packets within the application’s own memory space before handing them off to the system. This allows Mullvad to maintain a stable WireGuard connection even when the OS is aggressively trying to restrict traffic flow. This level of engineering is rare in the consumer VPN market and highlights why Mullvad remains the preferred choice for technical users and investigative journalists.
Comparison with Competitive Kill Switch Implementations
While many VPN providers claim to offer an iOS kill switch, most are “best-effort” implementations that only work when the app is active in the background. If the iOS “Springboard” (the system’s process manager) decides to kill the VPN app to save memory, those standard kill switches often fail, leading to silent leaks. By using the system-level includeAllNetworks flag, Mullvad ensures that the protection is baked into the OS’s networking ruleset, making it resilient even if the app process itself is terminated unexpectedly.
Is “Force All Apps” Right for You?
The “Force all apps” feature is not for every user. It represents a “Hard Mode” for mobile privacy. Users who should consider enabling it include:
- Journalists and Activists: For whom a single unencrypted packet could reveal their location or identity to a hostile ISP.
- Public Wi-Fi Users: Individuals who frequently connect to untrusted networks where “side-loading” of traffic by malicious actors is common.
- Privacy Enthusiasts: Users who want their iPhone to behave as closely as possible to a hardened Linux workstation.
Conversely, the average user who values “set-it-and-forget-it” functionality may find the manual update process frustrating. For these users, the standard Mullvad VPN iOS protection—which is already highly rated—will likely suffice. However, the option to reach “Absolute Zero” leakage is a powerful tool in the arsenal of digital self-defense.
Conclusion: Pressuring the Upstream Walled Garden
Mullvad’s decision to release this feature, despite its “rough edges,” is also a strategic move to pressure Apple. By highlighting the “anguish” (a term Mullvad specifically used in their documentation) of the update loop, they are forcing the reality of iOS’s networking flaws into the public eye. If enough high-profile privacy apps adopt these strict configurations, Apple may eventually be forced to update the NetworkExtension framework to allow for “excluded app bundles” or a “safe harbor” for VPN updates.
The April 21, 2026 update to Mullvad VPN iOS is a watershed moment. It marks the transition from “VPN as an app” to “VPN as a system-level policy.” While the journey toward a truly leak-proof mobile experience is fraught with usability trade-offs, Mullvad has proven that for those who demand absolute privacy, no compromise is too small and no technical hurdle is insurmountable. As we move deeper into an era of pervasive surveillance, the “Force all apps” feature stands as a beacon of what is possible when a company refuses to wait for the platform holder to “do the right thing.”
Written by
TempMail Ninja
Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.


