SecureFox logo[SECUREFOX]
//04Kill switch

When the tunnel breaks, your traffic stops.

No fallback to your ISP. No plaintext leak. iOS uses on-demand NEVPNManager rules, Android uses VpnService allow-listing — both survive backgrounding and app kills.

//01Why this matters

A VPN that 'usually' protects you isn't a VPN.

The moment a tunnel drops — Wi-Fi handoff, server failure, app crash — every other VPN exposes you. Your real IP leaks. DNS queries go to your ISP. Apps that thought they were going through the VPN start talking to remote servers in plaintext. SecureFox's kill switch closes that gap completely: if the tunnel state isn't 'connected', no packets leave the device. iOS and Android each use their platform's strongest mechanism, so the protection holds even if you put the app in the background, force-quit it, or reboot.

//02How it works

Platform-native, always-on.

On iOS, we use NEVPNManager's on-demand rules with the entire device IP range as the matched domain. The system kernel itself blocks all outbound traffic when the tunnel is not up — there's no way for an app to bypass it. On Android, our VpnService runs with allow-listing: only the SecureFox app is permitted to send while the tunnel is reconnecting, and even it can only send to the configured server. macOS and Windows use packet-filter rules at the OS level. Same guarantee everywhere.

iOSNEVPNManager on-demand rules
AndroidVpnService allow-list mode
macOSpfctl block rules tied to tunnel state
WindowsWFP filter (Windows Filtering Platform)
//03Use cases

Where 'usually safe' isn't good enough.

01

Activism / journalism in hostile networks

A single dropped packet to the wrong destination can deanonymise you. Kill switch ensures the cost of a Wi-Fi handoff isn't your safety.

02

Travelling on public Wi-Fi

Captive portal interactions and network handoffs cause tunnels to drop. Without kill switch, your real IP leaks to every app that retries during reconnect.

03

Long-running uploads / downloads

Backups, BitTorrent, large transfers — any of them silently failing over to your ISP is bad. Kill switch makes the failure visible (and harmless).

//04What you get

No silent failures.

  • Platform-native enforcement — kernel-level, not user-space
  • Survives app backgrounding, force-quits, and reboots
  • DNS queries blocked when tunnel is down (no DNS leak)
  • Reconnect is automatic — kill switch lifts the moment tunnel is healthy
  • Per-app exception list (Settings → Kill switch → Allowed apps)
//05Kill switch FAQ

Common questions about kill switch.

Will my apps crash if the tunnel drops?+

Most won't — they'll just see network errors and retry, exactly as they would if you walked into an elevator. Kill switch makes the network unreachable, not the app unusable.

Can I turn off the kill switch for specific apps?+

Yes, on Android and Windows. iOS doesn't allow per-app exceptions to its on-demand rules, so the iOS kill switch is all-or-nothing.

Does it block local network access?+

By default yes (most users want full isolation). You can enable 'Allow LAN access' in Settings to keep AirDrop, printers, and Chromecast reachable while connected.

What if my phone loses Wi-Fi entirely?+

Kill switch still works — no traffic until you're back on a network the tunnel can use. The app re-establishes automatically once you reconnect.

//06Features

Related features

Privacy & DPI Resistance

AES-256-GCM wrapped in REALITY transport. SecureFox traffic looks like a normal HTTPS visit, so deep packet inspection has nothing to fingerprint.

READ MORE

Split Tunneling

Route only the apps you choose through the VPN. Keep streaming on your local IP while your browser tunnels — or do the opposite.

READ MORE
[ Ready ]

Try it free.

Anonymous mode gives you 1 GB every week, no account required. Sign up later for 2 GB.

Get the app