The Best VPN Apps for the iPhoneJune 18, 2018
Why You Need an iPhone VPN
At security conferences like Black Hat, you see a lot more iPhones in use than Android devices. Why? Because white hat hackers and other security experts know that Apple built iOS with security as a primary concern, and each update tightens up that security. When you authenticate with Touch ID or Face ID, you can change from that lame four-digit PIN to a custom alphanumeric passcode. That makes the data on your phone as secure as can be. But when you open communication across the internet, iOS can’t do a thing to protect your data in transit. That’s why you need to install a virtual private network, or VPN, on your iPhone—and on all your devices.
It’s true that modern cellular communication is thoroughly encrypted, not easily tapped unless you have access to police-level tools like the Stingray device, or data dumps from cell towers. Oh, it’s possible for bad actors to jam the secure 4G and 3G channels, forcing nearby phones to connect via insecure 2G to a briefcase-sized cell tower called a femtocell. In that scenario, the attacker has full access to all communication. But the likelihood you’ll suffer such an attack is vanishingly small.
The real problem is Wi-Fi. When you connect to the free Wi-Fi at the public library, airport, coffee shop, grocery, or wherever, your security is in the hands of the hotspot owner. A crooked network owner can sift through all your communications, hoovering up credit card numbers, passwords, and more. Other users of a nonsecured network can also find ways to track your network traffic, if they’re clever. Even your own ISP can now aggregate and sell nonpersonal information, thanks to the current administration’s steady dismantling of online security. It’s a jungle out there!
It gets worse. Once you’ve connected with a hotspot, your iPhone’s default behavior is to connect with that same hotspot automatically next time it comes in range. However, there’s no verification other than the SSID (network name) of the hotspot, and your iPhone broadcasts the names it’s looking for. It’s easy for bad guys to obtain a portable hotspot that listens for those broadcast queries and mimics every network name requested by nearby devices.
Note that the same dangers apply to that lightweight MacBook you’re carrying around. When you’re connected to Wi-Fi, you’re vulnerable. Be sure to install a Mac VPN before you head for the coffee shop.
Encryption and Location Spoofing
When your VPN is active, all your network traffic, whether from browsers, apps, or iOS itself, gets encrypted before it leaves your phone. This encrypted data stream travels to a server owned by the VPN company, where it’s decrypted and sent on its way.
Encrypted web traffic isn’t the only reason you need a VPN. With a direct, no-VPN connection to a website, your IP address not only identifies you to that site, but it also identifies your geographic location. Ad-trackers, snoops, and government agencies can use that IP address to track what you do online. When you’re using a VPN, however, the IP address that others see is that of the VPN company, not your own.
The best VPN companies maintain servers all over the world. On one hand, that means that when you’re traveling you can find a nearby server, and nearby typically means faster. On the other hand, you can spoof your location by choosing a server in a faraway country. Try doing that and visiting the Google website; you’ll find that it comes up in the language of your apparent location. Journalists embedded in repressive countries and political activists working against those repressive regimes have long relied on VPNs to communicate safely with the outside world. Of course, you may be breaking local laws just by using a VPN. For example, Russia has banned the use of VPNs, claiming a need to block terrorist activities.
Russia’s not alone. China announced plans to block all VPN usage by February 2018, and China’s internet censors recently displayed their power by blocking use of the letter N.. The big Chinese ISPs have been tasked with blocking unauthorized VPN use, while letting businesses continue to use their internal VPNs.
It’s not uncommon for online streaming services to offer content in one region, but not another. Offerings from Netflix and Hulu differ by country. Brits can watch BBC shows for free, while the same shows require a subscription in the US. Spoofing your location with a VPN can get you access to shows not normally available to you. But take care: Location spoofing may violate your terms of service. In addition, companies like Netflix are cracking down on VPN users. More often than not, streaming isn’t an option when your VPN is running.
Despite Wi-Fi and cellular security issues, privacy concerns, and the other potential benefits of location spoofing, too few people protect themselves and their traffic with a VPN. In fact, in our recent survey on VPN usage, 71 percent of respondents had never used a VPN. If you fall into that group, don’t worry! We’ve got a whole feature on how to set up and use a VPN.
What a VPN Can’t Do
The connection from your device to a VPN server is totally secure, but the same can’t always be said of the connection from the VPN server to the website you’re visiting. If it’s a plain old HTTP website, the back-and-forth between the site and the VPN server isn’t protected, and might conceivably be intercepted. If the site uses secure HTTPS, on the other hand, your interaction is encrypted from end to end.
Even with no VPN, your connection to a site that uses HTTPS, as Google wants every site to do, is encrypted. Of course, that HTTPS connection does nothing to hide your IP address. For the best security, use your VPN and also connect using HTTPS whenever it’s available.
While the data going to and from your VPN server is encrypted, using a VPN doesn’t get you the level of anonymity obtained by connecting through the TOR network, nor the concomitant ability to dive into the scary depths of the Dark Web. On the plus side, some VPN services include TOR-specific servers as an option.
It’s true that iPhone users have less to worry about when it comes to malware (but don’t get too complacent). However, you can still be duped by a phishing website into giving up your security credentials. A few iPhone VPNs promise to strip out fraudulent sites, malicious sites, and (in some cases) advertising from the data stream that pours into your iPhone. Just don’t rely too strongly on these, as in most cases they do the job using a simple blacklist. Phishing websites come and go ephemerally, and often vanish before they ever get blacklisted.
One word about net neutrality: since the FCC made the questionable decision to roll back net neutrality rules, VPNs have been offered up as a way to avoid ISP shenanigans. Yes, the Senate voted to save net neutrality, but the future is still uncertain. Without those rules in place, your ISP could require that you pay for plans to access services like Netflix or Twitter, or they could simply throttle the speeds of companies that don’t pay extra for so-called “fast lanes.” It’s still unclear what the future would look like without these rules, and while VPNs could definitely hinder the ISPs efforts, this is not an ideal solution. If this is a major concern for you, calling your senators and representatives in the US Congress is the best thing you can do.
Testing VPN Performance
Suppose your business involves shipping goods back and forth between City A and City B. If you add a requirement that they go off to City C for a security check in the middle of each run, the trip will naturally take longer. The same is true when you stick a VPN server in the middle of your connection to a website. Things almost always take longer. We have observed a few exceptions, however. The fastest VPNs running on Windows make downloads faster, probably due to their own high-speed connections. It’s as if the goods shipped from City C went via bullet train instead of slow freight. In our latest iPhone-based testing, just one product seemed to speed up the connection, though the rest didn’t slow things as much as in previous testing.
Before starting our VPN speed tests, we disable the cellular data network by putting the phone in airplane mode and then enabling Wi-Fi. The cellular connection isn’t as stable, and it’s also much more difficult to attack than Wi-Fi, as mentioned earlier. We test all of the products on the same Apple iPhone SE, running the latest version of iOS.
For testing purposes, we use Ookla’s internet speed test tool. (Note that PCMag’s publisher, Ziff Davis, also owns Ookla). We average a series of tests, discarding the lowest and highest results. Then we immediately enable the VPN, connecting to whatever it recommended as the fastest server, and repeat that test. By comparing averages with and without the VPN active, we derive a score based on the percent change.
Ping latency is the time it takes for your device to query a server and receive a response. If that query must go through the VPN, latency typically increases, sometimes by a little, sometimes by a lot. However, we measure latency in milliseconds. Unless you’re playing a fast-paced online game where extra milliseconds of lag can get you fragged, you won’t notice a modest increase in latency.
A drag on download speed, on the other hand, will probably draw your attention. If downloading a new app takes twice as long, that’s not good. And slow download speeds can cause streaming videos to pause or stutter. Fortunately, few of the iPhone VPNs we’ve tested had a big impact on download speed. In fact, one of them actually sped up downloads in testing.
When’s the last time you uploaded a big file from your smartphone? Right, it’s not a common activity. A drag on upload speed due to the VPN isn’t likely to bother anybody. In truth, while all the iPhone VPNs we tested had some effect on upload speed, even the worst of them wasn’t bad.
For this batch of reviews, we performed all the iPhone speed tests on exactly the same device and network, over the course of just two days, but that doesn’t mean we’d get precisely the same results on a different day, nor that you would get the same results on another network. The extremes would probably remain extreme, but other results could well vary. In addition, for most people, speed shouldn’t be the only factor in choosing a VPN. A convenient interface, a wide selection of servers, useful advanced features—these are also important considerations.
Can You Trust Your VPN Service?
If you’re using a service to route all your internet traffic through its servers, you have to be able to trust the provider. Established security companies, such as F-Secure, may have only recently come to the VPN market. It’s easier to trust companies that have been around a little longer, simply because their reputation is likely to be known. But companies and products can change quickly. Today’s slow VPN service that won’t let you cancel your subscription could be tomorrow’s poster child for excellence.
We’re not cryptography experts, so we can’t verify all of the encryption claims providers make. Instead, we focus on the features provided. Bonus features like ad blocking, firewalls, and kill switches that disconnect you from the web if your VPN connection drops, go a long way toward keeping you safe. We also prefer providers that support OpenVPN, since it’s a standard that’s known for its speed and reliability. It’s also, as the name implies, open source, meaning it benefits from many developers’ eyes looking for potential problems.
Since we last tested VPNs, we’ve given special attention to the privacy practices of VPN companies and not just the technology they provide. In our testing, we read through the privacy policies and discuss company practices with VPN service representatives. What we look for is a commitment to protect user information, and to take a hands-off approach to gathering user data.
As part of our research, we also make sure to find out where the company is based and under what legal framework it operates. Some countries don’t have data-retention laws, making it easier to keep a promise of “We don’t keep any logs.” It’s also useful to know under what circumstances a VPN company will hand over information to law enforcement and what information it would have to provide if that should happen.
While a VPN can protect your privacy online, you might still want to take the additional step of avoiding paying for one using a credit card, for moral or security reasons. Several VPN services now accept anonymous payment methods such Bitcoin, and some even accept retailer gift cards. Both of these transactions is about as close as you can get to paying with cash for something online. That Starbucks gift card may be better spent on secure web browsing than a mediocre-at-best latte.
VPN Features and Extras
The features to look for in a VPN depend on the way you intend to use it. If you never travel abroad and don’t feel the need to pretend you’re surfing from Amsterdam, the most important features for you are a convenient interface and a big selection of servers in the US. Conversely, if you’re a globetrotter with a need for a secure connection from just about anywhere, you’ll look for a VPN provider whose server locations cover all the continents.
For those protecting their Windows or macOS desktops with a VPN, the availability of specialized servers for BitTorrent and P2P file sharing may be a deciding factor. However, in our experience, using BitTorrent or P2P on a mobile device is much less common.
Here’s a distinction that may matter more to us than to the average user. There are many protocols available to protect a VPN connection, and our favorite at PCMag is OpenVPN. It’s open-source, so many experts have vetted its security. It’s also fast and effective. And…hardly any iPhone VPNs use it. Why? Because Apple would prefer developers use the default IPSec or IKEv2 protocol, so any app that uses OpenVPN must go through even more vetting than usual.
Finally, there’s the bang-for-your-buck factor. While it’s possible to get a VPN for free, most free services either put a draconian cap on bandwidth or serve up ads. Prices for the iPhone VPNs we’ve examined range from less than $7 to more than $12 per month, typically with a discount if you pay for several months or a full year. That subscription lets you install protection on anywhere from two to seven devices. And no, the price and number of devices don’t necessarily correlate. One of the most expensive VPNs that we’ve examined covers just two devices.
Get the Right iPhone VPN
There’s little need to go searching the Apple store for an iPhone antivirus utility to go with iOS 11. Malware coders focus on the low-hanging fruit, meaning the relatively insecure Windows and Android operating systems. But using a VPN isn’t about protecting your device; it’s about protecting your information, and your network connections. You need a VPN no matter what type of device you use. Read our reviews, check our ratings, and select the VPN that’s best for you. Once you’ve chosen a service, be sure to read our guide on how to set up and use a VPN.