Security researchers just handed Proton VPN a rare clean bill of health on Apple devices. While most competitors leave behind a quiet but persistent identifier inside the VPN tunnel, Proton doesn’t. The difference comes down to one simple number: 10.2.0.2.
Inside the iOS Tunnel
Here’s how it works. On iOS, the system assigns each active VPN connection a private IP address for the virtual tunnel interface. Apps don’t need special permission to read it. They just query the network stack. Over time that address becomes a stable marker. Change apps, switch networks, even reboot. The same value often returns. Developers can tie activity across unrelated programs to one device and one session. No logs required. No server cooperation. Just local observation.
Mysk, the privacy analysis firm known for its open-source Loupe tool, tested popular services in mid-June. TechRadar reported the results on June 19, 2026. “Using Loupe, we found out that Proton VPN is the only VPN that prevents internal tunnel IP fingerprinting by assigning 10.2.0.2 to all users,” the researchers stated. “Other VPNs, such as Mullvad, assign a static and unique IP per session. This allows iOS apps to track user sessions across apps.”
Short. Direct. And backed by code anyone can run.
Most providers follow the conventional WireGuard pattern. The server hands the client a distinct address from a pool for that connection. It might be 10.0.0.47 for one user today and 10.0.0.92 tomorrow. Or it might stay fixed for the lifetime of a device registration. Either way, the value repeats enough to serve as a correlator. An analytics library inside a weather app and another inside a shopping app suddenly share a common token. The advertising ID may rotate. This one doesn’t.
Proton took a different route. Every iOS client receives the identical address: 10.2.0.2. The choice looks odd at first. Network engineers usually avoid address collisions. But inside a point-to-point tunnel the remote end controls routing. The actual packets carry the public VPN server IP on the outside. The internal value never leaves the device in a way that collides with real traffic. So the duplication carries no functional penalty. It does erase the per-user marker.
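To make the comparison concrete, here is an added example (not code from Mysk, Loupe or any VPN provider) that audits recorded tunnel addresses and reports whether an address is shared between devices, links one session, or links a device across sessions. The provider labels, device names and every address except 10.2.0.2, 10.0.0.47 and 10.0.0.92 are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed observations: (provider, device, session, tunnel address).
# "pool-vpn" draws a fresh address per connection, "static-vpn" pins one
# address per device, "uniform-vpn" gives every client 10.2.0.2.
OBSERVATIONS = [
    ("pool-vpn", "dev-a", 1, "10.0.0.47"),
    ("pool-vpn", "dev-a", 2, "10.0.0.92"),
    ("pool-vpn", "dev-b", 1, "10.0.0.13"),
    ("static-vpn", "dev-a", 1, "10.64.8.21"),
    ("static-vpn", "dev-a", 2, "10.64.8.21"),
    ("static-vpn", "dev-b", 1, "10.64.9.5"),
    ("uniform-vpn", "dev-a", 1, "10.2.0.2"),
    ("uniform-vpn", "dev-a", 2, "10.2.0.2"),
    ("uniform-vpn", "dev-b", 1, "10.2.0.2"),
]


def audit(observations):
    """Return {provider: verdict} for the tunnel address as an identifier."""
    devices = defaultdict(lambda: defaultdict(set))   # provider -> addr -> devices
    sessions = defaultdict(lambda: defaultdict(set))  # provider -> addr -> (device, session)
    for provider, device, session, addr in observations:
        ip = ipaddress.ip_address(addr)
        if not ip.is_private:
            # A public address here means the sample is not a tunnel address.
            raise ValueError(f"{addr} is not a private tunnel address")
        devices[provider][ip].add(device)
        sessions[provider][ip].add((device, session))

    verdicts = {}
    for provider, addrs in devices.items():
        # Addresses seen on exactly one device can single that device out.
        unique = [a for a, devs in addrs.items() if len(devs) == 1]
        if not unique:
            verdicts[provider] = "shared"         # every address covers 2+ devices
        elif any(len(sessions[provider][a]) > 1 for a in unique):
            verdicts[provider] = "links-device"   # same address across sessions
        else:
            verdicts[provider] = "links-session"  # unique only within a session
    return verdicts


if __name__ == "__main__":
    for provider, verdict in audit(OBSERVATIONS).items():
        print(f"{provider}: {verdict}")
```

A "shared" verdict only holds for the devices sampled, so the audit gets more meaningful as more devices per provider are recorded.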
Analysts have long warned about side-channel identifiers on mobile platforms. Browser fingerprinting gets most of the attention. Canvas data, WebGL, fonts, audio context. Those techniques require web access. The tunnel IP works offline. It survives private browsing. It works even when the user employs a hardened browser or blocks trackers. Any native app can read it.
But the finding matters most for users who treat their VPN as the foundation of mobile privacy. They install the app expecting the provider to close every gap Apple left open. In this case Proton did. Others haven’t. Yet.
Mullvad acknowledged related problems months earlier. The company noted that static per-device IPs could leak through WebRTC or other APIs. Its blog outlined plans to move toward dynamic assignment. That change would shrink the window during which a single address repeats. It wouldn’t eliminate the fingerprint entirely the way Proton’s uniform address does. Still, it shows the industry understands the vector.
Apple bears responsibility too. The platform lets any app inspect the tunnel configuration without user consent or notification. Developers don’t even need to declare a special entitlement. The information sits there in the system APIs, exposed by design. Researchers have complained about similar leaks when VPN apps update. Real IP addresses slip out during the brief period the old configuration tears down and the new one spins up. Mullvad added warnings for users. Mysk confirmed the leak persists in the latest iOS betas.
So the tunnel IP issue sits inside a larger pattern. Apple controls the networking stack. VPN providers must work within its constraints. Some accept the trade-offs. Others push harder against them.
Proton’s approach carries trade-offs of its own. Uniform addresses could complicate debugging on the backend. Support teams lose one data point when investigating connection problems. The company appears willing to accept that cost. Its iOS app already ships with open-source components and has passed multiple independent audits. The uniform tunnel address adds another layer of defense that doesn’t rely on marketing claims.
Industry observers note the timing. Interest in mobile privacy tools has climbed as regulators scrutinize data brokers and cross-app tracking. Apple’s own App Tracking Transparency prompt forced many companies to rethink their strategies. Some simply moved to fingerprinting methods that don’t require explicit permission. The tunnel IP offers one more such method. Until now few users knew it existed.
Tests with Loupe make the distinction visible. Install the app, connect to Mullvad, watch the displayed tunnel address change or remain unique across resets. Switch to Proton. The value stays locked at 10.2.0.2. The Loupe readout shows generic data. No persistent marker. The difference is binary.
Experts caution against overinterpreting a single result. TechRadar noted its team could confirm Proton’s behavior but lacked resources to test every service on the market. Smaller providers or those using custom protocols might behave differently. The core observation holds: assigning unique recurring addresses creates an avoidable privacy risk on iOS.
Users face practical choices. They can switch to Proton for this specific protection. They can run WireGuard configurations manually and accept the loss of convenience features. Or they can accept that native apps may still correlate activity through this channel. No solution is perfect. The platform itself would need changes to close the gap completely.
Apple has shown little urgency. The leak during app updates remains open. The tunnel address exposure stays untouched. Both Mysk and Mullvad have raised the issues publicly. Progress has been limited.
In the meantime Proton’s decision stands out. One number, applied universally, removes a tracking signal that competitors still emit. The finding won’t make headlines like a new protocol or a speed record. It does illustrate a quieter truth. Real privacy work often happens in the small technical decisions. The ones most users never see. Until a researcher builds a tool that makes them visible.
That visibility matters. Security teams, privacy advocates, and enterprise IT managers now have fresh data when evaluating mobile VPN options. The uniform address isn’t a complete shield. It removes one vector. Combined with audited code, transparent infrastructure, and features like always-on protection, it strengthens the overall case.
Future updates could change the picture. Mullvad’s dynamic assignment might narrow the gap. Apple could tighten the APIs or add permissions for tunnel metadata. Until then the test results from Mysk and the coverage in TechRadar give Proton a measurable lead on iOS.
Watch the space. The next Loupe release or a fresh iOS beta may shift the numbers again. For now the score is clear. Only one major provider avoids leaving fingerprints inside the tunnel.


WebProNews is an iEntry Publication