Mullvad VPN Introduces iOS ‘Force All Apps’ Feature to Prevent Data Leaks Mullvad VPN has rolled out a new security feature for its iOS application designed to eliminate potential data leaks during app updates. The update, announced on April 22, 2026, introduces a setting called “Force all apps” that routes all internet traffic through the VPN tunnel using Apple’s includeAllNetworks configuration. This feature addresses a long-standing vulnerability in iOS where automatic app updates temporarily disconnect the VPN, creating a window where user data could leak. When enabled, “Force all apps” ensures that every byte of device traffic must pass through the VPN, functioning as a strict kill switch that blocks all traffic if the VPN connection drops. However, implementing this security measure comes with usability trade-offs. Mullvad previously avoided enabling includeAllNetworks due to conflicts with iOS app updates, which could trigger an infinite loop where the system repeatedly attempts to update the VPN app, fails and reboots. To mitigate this, the company has added safeguards: when an update is available, users receive a notification advising them to either disable the VPN during the update or turn off the “Force all apps” setting temporarily. The feature is optional and requires manual intervention during future app updates to prevent potential device issues. Mullvad emphasizes that while the solution improves privacy protection, it is not perfect and encourages users to report any update-related problems to Apple. Mullvad, known for its strict no-logs policy and transparency, continues to prioritize user privacy by adopting advanced security measures like post-quantum encryption. The “Force all apps” update reflects the company’s commitment to closing known security gaps, even when it requires additional user effort to maintain functionality.
42