On the heels of news that Android bypasses VPNs and leaks data, developers have discovered that iOS 16 does even worse.

Developers at Mysk have discovered that iOS 16 contacts Apple’s servers outside of a VPN tunnel, even leaking DNS requests. A number of different services trigger the behavior, including Health, Maps, and Wallet.

The issue is similar to one Mullvad discovered with Android devices, where Google’s operating system routes some traffic outside a VPN connection. Android even does this when the Block connections without VPN option is enabled.

Both issues are extremely concerning. When a VPN is in use, ALL traffic should be routed through the VPN. The issue is even more concerning with iOS 16 since it is leaking DNS information. Apple has worked hard to cultivate a reputation for privacy and security, making this latest news especially embarrassing for the company.

While VPNs are not the security silver bullet some make them out to be, they are nonetheless an important element in the battle to remain private online. For the two major mobile operating systems to circumvent VPNs and contact their respective companies’ servers is an egregious security and privacy violation.