Mullvad Closes a Critical iOS Loophole That Exposed VPN Users During Updates

Every time an iPhone quietly updates an app in the background, VPN users face a brief but real exposure window - one that most providers have simply accepted as unavoidable. Mullvad, a Swedish privacy-first VPN service, is refusing that compromise. The company is shipping a new iOS feature called "Force all apps" that locks down all device traffic exclusively to the VPN tunnel, eliminating the possibility of silent data leaks - though doing so surfaces a genuine technical conflict buried inside Apple's own networking architecture.

What the New Feature Actually Does

At its core, "Force all apps" is built on a native iOS configuration option called includeAllNetworks. When this setting is active, iOS enforces a strict rule: no traffic leaves the device unless it passes through the active VPN tunnel. There are no exceptions, no background system processes sneaking around the tunnel, and no partial connections. If the tunnel drops for any reason, the traffic stops entirely. In that sense, it functions as an absolute kill switch - more aggressive than most VPN implementations, which typically only interrupt user-initiated connections when a tunnel fails.

Mullvad had long been aware of this configuration option but deliberately held back from enabling it. The reason was not philosophical. It was technical. The same mechanism that enforces airtight traffic routing also blocks the iOS system downloader from fetching app updates when the VPN connection is momentarily interrupted during an update cycle. Enable the setting, lose the tunnel briefly during an update, and the device ends up stuck - unable to complete the download, unable to restore connectivity, trapped in a broken loop with no apparent exit.

The Update Loop Problem and How Mullvad Is Working Around It

Automatic app updates on iOS are managed by the operating system itself, not by individual apps. When the App Store triggers a background download, the existing app process is terminated and temporarily replaced. During that transition, any VPN connection tied to the outgoing app instance drops. For the vast majority of users, this is invisible and inconsequential. For someone relying on a VPN for genuine anonymity - journalists working in restrictive environments, researchers handling sensitive sources, individuals in countries where ISP surveillance is routine - that gap represents a real exposure of their IP address and traffic metadata to their internet service provider.

Mullvad's solution is procedural rather than purely technical. The new version of the iOS app will monitor for pending updates and alert users before the App Store's automatic download begins. Users are then given explicit instructions: disconnect the VPN manually, or disable "Force all apps" temporarily, allow the update to complete, then re-enable protection. This hands the decision to the user rather than allowing a silent background process to make it for them. Mullvad is transparent about the remaining gap - traffic will still leak during that update window - but the notification system ensures the exposure is deliberate, timed, and controlled rather than invisible.
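How an iOS tunnel-provider app can switch the includeAllNetworks option on and off, which is the toggle the manual update procedure above depends on. This is an added example, not Mullvad's code; the bundle identifier, server label, function name and error type are hypothetical placeholders.

```swift
import NetworkExtension

// Hypothetical placeholders for illustration; not Mullvad's identifiers.
let providerBundleID = "com.example.vpn.tunnel"
let serverLabel = "vpn.example.net"

enum TunnelConfigError: Error { case notTunnelProviderProtocol }

/// Load the app's saved tunnel configuration (or create one), set
/// includeAllNetworks to `enforce`, and persist the result.
@available(iOS 14.0, *)
func setForceAllTraffic(_ enforce: Bool,
                        completion: @escaping (Error?) -> Void) {
    NETunnelProviderManager.loadAllFromPreferences { managers, error in
        if let error = error { return completion(error) }

        // Reuse the existing configuration so only one VPN profile exists.
        let manager = managers?.first ?? NETunnelProviderManager()
        let proto: NETunnelProviderProtocol
        if let existing = manager.protocolConfiguration {
            guard let p = existing as? NETunnelProviderProtocol else {
                return completion(TunnelConfigError.notTunnelProviderProtocol)
            }
            proto = p
        } else {
            proto = NETunnelProviderProtocol()
            proto.providerBundleIdentifier = providerBundleID
            proto.serverAddress = serverLabel
        }

        // true: as described above, traffic must pass through the tunnel
        // and stops entirely if the tunnel drops.
        // false: the state a user returns to before letting an update run.
        proto.includeAllNetworks = enforce

        manager.protocolConfiguration = proto
        manager.isEnabled = true
        manager.saveToPreferences { saveError in
            completion(saveError)
        }
    }
}
```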

The company also acknowledged that users who miss the notification and proceed with the automatic update while "Force all apps" is active may end up with a broken networking stack on their device. For that scenario, Mullvad's prescribed remedy is blunt: submit feedback to Apple. The underlying constraint is Apple's, not Mullvad's, and the company cannot resolve it from outside the operating system.

The Broader Tension Between Platform Control and Privacy Tools

This episode illustrates a structural problem that privacy-focused software developers routinely encounter on mobile platforms. iOS, by design, gives Apple's own system processes privileges that third-party applications cannot match or override. A VPN application operates within boundaries set by the platform, and when those boundaries conflict with the strongest possible privacy configuration, the app developer is forced to choose between usability and completeness of protection.

Mullvad is unusual in choosing completeness, even at the cost of user experience. The company's business model depends on attracting users who treat privacy as a non-negotiable requirement rather than a convenience feature. Requiring manual intervention for updates is a meaningful friction point. Accepting it as the price of zero-leak protection is a deliberate signal about who Mullvad is building for.

For most iOS VPN users, this level of enforcement is unnecessary. Background leaks during a thirty-second app update carry minimal practical risk in ordinary usage. But the existence of a technically sound mechanism to prevent those leaks - and Mullvad's decision to ship it despite the complications - raises a legitimate question about why mobile platforms do not offer this capability as a seamless, built-in option. Until they do, the most rigorous protection available will require the user to stay alert and act manually at precisely the moment the system would rather handle everything silently.