ivpn / ios-app
Official IVPN iOS app
Home Page: https://www.ivpn.net/apps-ios
License: GNU General Public License v3.0
When servers list is sorted by Country, display servers with country code before city name:
AT, Vienna
AU, Sydney
BE, Brussels
BG, Sofia
In the App Store version, as well as in the latest beta 2.1.0 (20), on iPad, when the user changes the trust status, the dialogue asking to reconnect etc. appears cut off. The issue is only present in portrait mode; in landscape the dialogue is fully visible.
The Network Protection dialogue when changing the trust status should be fully visible.
IVPN: 2.0.4 (11), 2.1.0 (20)
Devices: iPad 6 iOS 13.6.1
This setting should be disabled (or hidden) and on by default.
When the user enables IPv6 for the VPN tunnel, this setting should become visible.
When both "Enable IPv4" and "Show gateways without IPv6 support" are enabled, on the servers list there should be "IPv6" label next to servers that support IPv6.
Implement option for secure DNS over HTTPS/TLS inside a VPN tunnel - a new option in existing "Custom DNS" screen.
When losing internet connection (or enabling Airplane mode), if the user decides to switch from IKEv2 or OpenVPN to WireGuard, once the device recovers connectivity (or disables Airplane mode), the client will automatically connect to the last OpenVPN or IKEv2 server, even though WireGuard is selected and another server is displayed on screen.
Note:
See attached video for further details.
After internet connection is recovered, the client connects to the last selected server + OpenVPN protocol.
After internet connection is recovered, the client should connect to the current selected server + protocol.
In the current App Store build 2.3.0 (16), IKEv2 is selected automatically after a fresh installation. At first, WireGuard is selected as the default protocol, but when closing/reopening the app, IKEv2 is selected instead.
IKEv2 selected automatically when closing/reopening the app after installation.
WireGuard should always be the default protocol, and no other protocol should be automatically selected.
IVPN: 3.2.0(16)
Devices: iPhone XR iOS 14.4, iPad 6 iOS 13.6.1
Description:
Observed with WireGuard, when the app fails to connect to a server, then the user connects successfully to e.g. fastest server and then connects back to the server that failed, the application shows as connected to the server selected, but the geolocation API shows the fastest server.
When looking up the IP address, the app is indeed connected to the fastest server instead of selected one.
Note:
See attached video for further details.
Actual result:
There is a mismatch between the server the app is connected to and the server selected
Expected result:
The app should always connect to the server selected
Steps to reproduce:
Try to mock a disabled gateway
Extra info:
Remove views that are no longer used - clean up Main.storyboard.
In the App Store version, as well as in the latest beta 2.1.0 (20), when the app is closed, but connected, the shortcut "Disconnect" does not work.
The shortcuts should always work, regardless if the app is opened or closed.
IVPN: 2.0.4 (11), 2.1.0 (20)
Devices: iPhone XR iOS 14.3, iPad 6 iOS 13.6.1
Privacy Policy and Terms of Service are static HTML files bundled with the app.
Load Privacy Policy and Terms of Service from ivpn.net:
https://www.ivpn.net/privacy-mobile-app/
https://www.ivpn.net/tos-mobile-app/
In the latest beta version 2.1.0(20), the IVPN widget is not loaded. The issue is only present on iPhone XR which has an iOS version 14.3.
The issue is NOT present in the App Store version 2.0.4.
The IVPN widget should work on all supported devices and iOS versions.
IVPN: 2.1.0 (20)
Devices: iPhone XR iOS 14.3
A new iOS 14 privacy alert is presented when newly installed apps require access/try to interact with the local network.
First we need to investigate which part of the app/app's logic triggers this alert, and then resolve the issue in 2 possible ways:
Compiling ios on mac keeps getting errors: Command ExternalBuildToolExecution failed with a nonzero exit code
Module: wireguard go bridge
Compiler Environment:
Mac os :10.15.7
Go version:go version go1.15.2 darwin/amd64
Xcode:12.0.1
When the subscription expires "today", but it's still active, the iOS app shows incorrectly the alert "Subscription expired RENEW".
Incorrect subscription expiration alert when the subscription expires "today".
When the subscription expiration date is <=1 day, the app should display an alert such as: "Subscriptions expires today" along with the button "Renew".
Refactor syntax in GitHub actions.
In order to flag a binary as restricted, one has to configure the linker in Xcode by adding the following flags into the Other Linker Flags located in Build Settings → Linking → Other Linker Flags.
Compiler Flags:
-Wl,-sectcreate,__RESTRICT,__restrict,/dev/null
https://pewpewthespells.com/blog/blocking_code_injection_on_ios_and_os_x.html
https://theevilbit.github.io/posts/dyld_insert_libraries_dylib_injection_in_macos_osx_deep_dive/
Identify and remove unused Swift code using CLI tool periphery:
https://github.com/peripheryapp/periphery
The main objective of Captcha is to discourage automated brute-forcing of either Account IDs or Email / Password combinations of existing users, or through a credential stuffing attack.
Sometimes attackers are sophisticated enough and use a huge number of IP addresses, therefore making regular rate-limiting per IP address useless.
As a solution, we’re counting total requests for the /v4/sessions/new endpoint and after some threshold is exceeded, Captcha is requested from all clients calling this endpoint for some period of time.
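The endpoint-wide counter described in this issue, sketched as an added example (not IVPN's backend code): it compares a per-IP limiter with a global gate on constructed traffic spread across many addresses. The class names, the thresholds, the 60-second window and the 600-second Captcha period are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class SlidingWindow:
    """Counts events seen within the last `window_s` seconds."""

    def __init__(self, window_s):
        self.window_s = window_s
        self._hits = deque()

    def add(self, now):
        self._hits.append(now)
        # Drop timestamps that have aged out of the window.
        while self._hits[0] <= now - self.window_s:
            self._hits.popleft()
        return len(self._hits)


class GlobalCaptchaGate:
    """Counts every request to one endpoint, regardless of source IP.

    Once the count in the window exceeds `threshold`, all callers are
    challenged until `captcha_period_s` passes without a new trigger.
    """

    def __init__(self, threshold, window_s, captcha_period_s, clock=time.monotonic):
        self.threshold = threshold
        self.captcha_period_s = captcha_period_s
        self._clock = clock
        self._window = SlidingWindow(window_s)
        self._captcha_until = float("-inf")

    def captcha_required(self):
        now = self._clock()
        if self._window.add(now) > self.threshold:
            self._captcha_until = now + self.captcha_period_s
        return now < self._captcha_until


def simulate(num_ips, requests_per_ip, per_ip_limit=5, threshold=100):
    """Constructed traffic: one request every 10 ms, rotating through the IPs."""
    t = [0.0]  # fake clock so the run is deterministic
    gate = GlobalCaptchaGate(threshold, 60, 600, clock=lambda: t[0])
    per_ip = defaultdict(lambda: SlidingWindow(60))
    blocked_per_ip = challenged = 0
    for _ in range(requests_per_ip):
        for ip in range(num_ips):
            t[0] += 0.01
            if per_ip[ip].add(t[0]) > per_ip_limit:
                blocked_per_ip += 1
            if gate.captcha_required():
                challenged += 1
    return blocked_per_ip, challenged
```

With 500 addresses sending two requests each, the per-IP limiter never fires while the global gate challenges every request after the hundredth; legitimate clients are challenged too during that period, which is the trade-off the issue accepts.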
Apps need to validate user input - verification code must be 6-digit code.
If input is not valid, app presents an error alert:
Title: “Invalid code“
Text: “Please enter 6-digit verification code“
Currently, the iOS app uses a DNS hostname to connect to gateway with IKEv2.
With using an IP address, there are advantages:
Rename WireGuard "Key regeneration" to "Key rotation" in the app UI.
UpgradePlanViewController.swift:
Properties sessionsLimit, upgradeToUrl should be passed as dependency injection
When entering hostname for DoH or DoT settings, iOS device resolves IP addresses from hostname, as an array of IP addresses is required to enable custom DNS configuration.
If DNS resolver fails, we want to present an error alert in the UI.
This needs to be implemented for both connected and disconnected custom DNS settings.
Some ViewControllers need to have their view logic extracted to separate View component:
TermsOfServiceViewController.swift
WireGuardSettingsViewController.swift
SettingsViewController.swift
While testing network protection on version 2.1.0(27), it was observed that the app was getting stuck in connecting/disconnecting state when changing the default & current network trust status quickly. The issue happens not only with IKEv2, where the app endlessly throws the authentication error, but with OpenVPN as well, where the app permanently tries to connect/disconnect.
Note:
See attached video for further details.
Please note that this issue is not observed with WireGuard.
App gets stuck on connecting/disconnecting state when changing the default & current network trust status repeatedly.
The app should never get stuck on connecting/disconnecting state when changing the trust status (even repeatedly).
Device: iPhone XR
OS name and version: iOS 14.3
IVPN app version: Beta 2.1.0 (27)
The current implementation of the Ping Service requires access to the local network because it is implemented using CFSocket (a low level communications channel implemented with a BSD socket) and this is one of the operations which will trigger this access request.
Ideally, we want to implement the Ping Service in a way that does not perform operations that require access to the local network.
Local Network Privacy FAQ:
https://developer.apple.com/forums/thread/663858
What operations require local network access?:
https://developer.apple.com/forums/thread/663874
After fresh installing the App Store build 2.3.0 (16), when the user tries to restore purchases, the app crashes.
This is not observed after updating the IVPN version or when trying to restore purchases after logging out from the app.
Crash when trying to restore purchases after a fresh installation.
The app should never crash when trying to restore purchases; if there is a valid subscription, the app should log the user in.
IVPN: 3.2.0(16)
Devices: iPhone XR iOS 14.4
We want to make WireGuard a default protocol when the app is used for the first time.
I cannot compile project
It says 'Makefile:37: *** This requires go version go1.12.7 darwin/amd64. Stop.
Command ExternalBuildToolExecution failed with a nonzero exit code'
BUT I ALREADY HAVE GO1.12.7 INSTALLED
HOW TO FIX IT?
Full log is here: https://pastebin.com/Gchpe7dj
Screen shot: https://prnt.sc/rg23w2
In the current app version 2.3.0, for DoH server it is only possible to enter hostname or IP address.
We want to add support for entering a custom DoH server URL, or DoT server name with subdomain.
For example:
DoH: https://dns.nextdns.io/123456
DoT: 123456.dns.nextdns.io
This needs to be implemented for both connected and disconnected custom DNS settings.
Apps don't usually determine which certificates to trust and which not to trust when they try to establish a connection with a server. Rather, they rely entirely on trusted root certificates that are preinstalled with the operating system.
SSL pinning is a technique that helps to prevent MITM or man-in-the-middle attacks.
Pinning is the process of associating a host with their expected X509 certificate or public key. Once a certificate or public key is known or seen for a host, the certificate or public key is associated or ‘pinned’ to the host.
from OWASP — Certificate and Public Key Pinning
Pin the certificate: download the server's certificate and bundle it into the app. At runtime, the app compares the server's certificate to the one you've embedded.
Pin the public key: retrieve the certificate's public key and include it in app code as a string. At runtime, the app compares the certificate's public key to the one hard-coded in app code.
App needs to do a verification when performing HTTPS requests to our API server in these steps:
When user enables 2-factor authentication on his account, backend will require additional TOTP token from the client app when creating new session.
Apps need to validate user input - verification code must be 6-digit code.
If input is not valid, app presents an error alert:
Title: “Invalid code“
Text: “Please enter 6-digit verification code“
Since users can opt-in to allow Apple to share crash reports with app developers, we do not need the option for users to send the app crash reports directly to IVPN.
With the removal of this option, we also need to remove dependency:
github.com/getsentry/sentry-cocoa
Sanity check of IVPN app's settings screen.
Enable Data Protection capability to protect files and data created by the app by encrypting it on disk.
Data Protection Entitlement:
<key>com.apple.developer.default-data-protection</key>
<string>NSFileProtectionComplete</string>
https://developer.apple.com/documentation/uikit/protecting_the_user_s_privacy/encrypting_your_app_s_files
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_default-data-protection
For UserDefaults keys used in multiple places, it is a good practice to define the keys as string constants in a single place, to avoid possible misspelling errors.
Currently, the iOS app uses a DNS hostname to connect to gateway with OpenVPN.
With using an IP address, there are advantages:
Currently, we use two sets of country flag icons - one (vector format) for countries where IVPN have gateways, and one (PNG format) for all other locations.
We want to have a single vector set for all locations.
Potential flags icon set, with most countries, SVG option and simplified art details that are suitable for displaying icons in small dimensions:
https://github.com/yammadev/flag-icons
Remove unused properties in UserDefaults extension.
Disable URLCache for all requests made to IVPN API server.
https://developer.apple.com/documentation/foundation/urlcache
https://developer.apple.com/documentation/foundation/nsurlrequestcachepolicy
New version of wireguard-go 0.0.20201118 is available:
https://github.com/WireGuard/wireguard-go/releases
Standard sanity check for WireGuard protocol.
Starting December 31, 2020, legislation from the European Union introduces Strong Customer Authentication (SCA) requirements for users in the European Economic Area (EEA) that may impact how they complete online purchases. We need to verify our app’s implementation of StoreKit to ensure purchases are handled correctly.
For in-app purchases that require SCA, the user is prompted to authenticate their credit or debit card. They’re taken out of the purchase flow to the bank or payment service provider’s website or app for authentication, then redirected to the App Store where they’ll see a message letting them know that their purchase is complete. Handling this interrupted transaction is similar to Ask to Buy purchases that need approval from a family approver or when users need to agree to updated App Store terms and conditions before completing a purchase.
More info:
https://developer.apple.com/support/psd2/
On version 2.3.0 (10), when the VPN profile dialog shows, if the user selects "Don't allow" and tries to change protocol, the app shows unexpectedly the following alert 'VPN connection is active. Changing protocol will turn off the current VPN connection'.
Furthermore, with IKEv2, the VPN profile dialog is displayed twice if selecting "Don't allow".
Unexpected alert when trying to change protocol after disallowing to set the VPN profile upon connection.
If users select "Don't allow" when the VPN profile dialog appears, afterwards if they change protocol, the connection alert should not be shown.
Upgrade TunnelKit to latest version:
https://github.com/passepartoutvpn/tunnelkit/releases
This requires a basic sanity for OpenVPN protocol.
Implement support for custom DNS over HTTPS/TLS, when VPN is not connected.
https://developer.apple.com/documentation/networkextension/nednssettingsmanager
When entering hostname for DoH or DoT settings, iOS device resolves IP addresses from hostname, as an array of IP addresses is required to enable custom DNS configuration.
We want to display this list of IP addresses in the UI. So as a user, I can see exactly which DNS server is used for custom DNS configuration.
This needs to be implemented for both connected and disconnected custom DNS settings.
Allow users access to the IPv6 internet after they connect to the WireGuard VPN.
In current clients, WireGuard [Interface] is only configured with IPv4 address.
By adding IPv6 address in the client config, VPN tunnel will have IPv6 traffic as well, when connected to gateway which support IPv6.
Example client config:
[Interface]
Address = 192.0.2.0,2001:0db8:0:0::2001:0db8/64
ListenPort = 51820
PrivateKey = <PrivateKey>
DNS = 198.51.100.0
[Peer]
PublicKey = <PublicKey>
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 203.0.113.0:2049
PersistentKeepalive = 25
There should be an option in the app settings that enables IPv6 inside VPN tunnel, which is off by default.
When IKEv2 VPN is connected for the first time, toggle is kept in disconnected state until VPN is connected.
When VPN is connecting, the toggle should be in the enabled state (blue color, on the right side).
The current implementation of the Ping Service requires access to the local network because it is implemented using CFSocket (a low level communications channel implemented with a BSD socket) and this is one of the operations which will trigger this access request.
Until we can implement the Ping Service in a way that does not require access to the local network, we want to describe to users why the app requires this. This is done by adding NSLocalNetworkUsageDescription in the Info.plist.
This issue is relevant only for iOS 14+ devices.
Instead of the iOS default alert message, the alert now contains a custom message describing why IVPN app requires access to user's local network - to obtain servers latency.
To get this alert presented by iOS consistently, follow these steps:
Description:
In the App Store build 2.0.4, as well as in the latest beta 2.1.0 (23), there is a UI issue with the connecting circle animation while changing networks and having the following network trust settings (Mobile data: Untrusted, WIFI: Trusted or vice versa).
When changing networks, two circles are observed at the same time, one for the disconnected server and another one for the server connected to.
Note:
See attached video for further details.
Actual Result:
Two connecting circles when changing networks while having different trust status set from every network.
Expected Result:
Only one circle animation should be shown when connecting or disconnecting.
Steps to reproduce:
Extra Info:
After I do 'pod install' it says this:
The file mentioned file at:
Problem during make - Please check /Users/miladgholamhosseini/Library/Caches/CocoaPods/Pods/Release/OpenSSL-Apple/1.1.0l.4-f3d16/bin/MacOSX10.15.4-x86_64.sdk/build-openssl-1.1.0l.log
I searched everywhere but no clue what to do, I'd be grateful for your help.