iOS Proxy Apps Face Critical APNS Push Bug

iOS Proxy Tools Hit a Wall With Apple Push Notifications

Users of Loon, a popular iOS proxy and network debugging tool, have discovered a frustrating bug that prevents Telegram push notifications from working correctly — even when Apple's push notification domains are explicitly proxied. The fix requires enabling a buried advanced setting called 'Include APNS,' but doing so introduces an entirely new problem: it breaks Mac-to-iPhone hotspot tethering, forcing users to choose between reliable messaging notifications and basic connectivity.

This issue highlights a growing tension between Apple's tightly controlled notification infrastructure and the proxy tools that millions of users rely on daily for privacy, security, and unrestricted internet access.

Key Takeaways

• Telegram push notifications fail on iOS when using Loon, even with push.apple.com and related domains routed through the proxy
• Simply adding Apple push domains to proxy rules is not sufficient to restore notification delivery
• Users must navigate to Loon's advanced configuration and enable the 'Include APNS' toggle to fix the issue
• Enabling this setting breaks Mac hotspot tethering, creating an impossible trade-off for users in the Apple ecosystem
• The problem affects other proxy and VPN apps on iOS that intercept network traffic at the system level
• This issue underscores the fragility of Apple's push notification system when third-party network tools are involved

Understanding the APNS Architecture Problem

Apple Push Notification Service (APNS) is the backbone of all iOS notifications. Every app — from iMessage to Telegram to Slack — relies on persistent connections to Apple's push servers to deliver timely alerts. These connections route through domains like push.apple.com, courier.push.apple.com, and related subdomains.

When a proxy tool like Loon intercepts network traffic, it typically creates a local VPN tunnel that routes selected traffic through remote servers. Most users assume that adding push.apple.com to their proxy rules would be sufficient to maintain push notification functionality. However, APNS uses a specialized binary protocol over persistent TCP connections on port 5223, which behaves differently from standard HTTPS traffic.

The core issue is that APNS traffic operates outside the normal HTTP/HTTPS stack that proxy tools are designed to handle. iOS maintains these connections at a system level, and they require specific handling that goes beyond simple domain-based routing rules. This is why Loon's developers added the 'Include APNS' toggle as a separate advanced option rather than relying on standard proxy rules.

Why Telegram Is Particularly Affected

Telegram's notification architecture makes it especially vulnerable to this issue. Unlike apps that rely solely on APNS for all notification delivery, Telegram maintains its own persistent connection to Telegram servers for real-time message delivery. However, when the app is in the background or terminated, it falls back to APNS for push notifications.

This dual-connection model creates a unique failure mode:

• When Loon is active, Telegram's direct server connection works fine for foreground messaging
• Background and lock-screen notifications require APNS to function correctly
• Standard proxy rules catch Telegram's own traffic but miss the APNS relay
• Users experience a deceptive situation where the app works but notifications silently fail

Compared to apps like WhatsApp or Signal, which have simpler notification flows, Telegram's architecture exposes this proxy misconfiguration more visibly. Users may not notice missing notifications from other apps because they interact with them less frequently, but Telegram's high-volume messaging makes silent notification failures immediately apparent.

The Hotspot Connectivity Trade-Off

Enabling the 'Include APNS' setting in Loon's advanced configuration solves the notification problem but introduces a painful side effect. Mac computers can no longer connect to the iPhone's personal hotspot when this setting is active. This creates a particularly frustrating scenario for users who depend on both features in their daily workflow.

The technical explanation lies in how Apple's Continuity features work. Personal Hotspot, AirDrop, Handoff, and other cross-device features rely on a combination of Bluetooth Low Energy, peer-to-peer Wi-Fi, and — critically — APNS-like system services for device discovery and authentication. When Loon's APNS inclusion setting routes all Apple system-level network traffic through the proxy tunnel, it disrupts the delicate handshake process that allows a Mac to discover and connect to the iPhone's hotspot.

This means users face a binary choice:

• Enable 'Include APNS': Telegram notifications work, but Mac hotspot tethering breaks
• Disable 'Include APNS': Mac hotspot works perfectly, but Telegram notifications fail silently
• Toggle manually: Users can switch the setting based on current needs, but this requires restarting the proxy each time
• Use alternative notification methods: Some users resort to keeping Telegram open in the foreground, which defeats the purpose of push notifications

Broader Implications for iOS Proxy and VPN Users

This issue is not unique to Loon. Other popular iOS proxy and VPN tools — including Shadowrocket, Surge, Quantumult X, and Clash — face similar challenges with APNS traffic handling. Each app handles the problem differently, with varying degrees of success and different sets of trade-offs.

Surge, for example, offers more granular control over system traffic routing and has implemented specific APNS handling in recent updates. Shadowrocket provides a simpler configuration model that may avoid the issue in some configurations but offers less control when problems arise. The fragmentation of solutions across these tools reflects the underlying complexity of the problem.

The broader pattern reveals a fundamental tension in the iOS ecosystem:

• Apple designs its services assuming direct, unmodified network paths
• Proxy tools necessarily intercept and redirect traffic, breaking Apple's assumptions
• iOS provides no official API for proxy tools to handle APNS traffic correctly
• Each proxy app must reverse-engineer the correct behavior, leading to inconsistent results
• Apple's increasing use of certificate pinning and encrypted protocols makes proper proxying harder over time

What This Means for Everyday Users

For the millions of users who rely on proxy tools for privacy, security, or accessing region-restricted content, this APNS issue represents a significant usability problem. Push notifications are a fundamental part of the smartphone experience, and having them break silently — without any error message or warning — creates a poor user experience that can have real consequences.

Missed Telegram messages could mean missed business communications, delayed responses to urgent requests, or simply the frustration of realizing hours later that messages were sitting unread. The fact that the fix exists but creates its own problems makes the situation even more aggravating.

Practical recommendations for affected users include:

• Check Loon's advanced settings immediately if Telegram notifications have been unreliable
• Create separate proxy profiles — one with APNS enabled for daily use, one without for hotspot scenarios
• Consider using Telegram's built-in proxy settings (SOCKS5 or MTProto) instead of routing through Loon
• Monitor other apps for similar silent notification failures that may have gone unnoticed
• Update proxy tools regularly, as developers frequently release fixes for APNS-related issues
• Report the hotspot bug to Loon's developers through official channels to prioritize a fix

Looking Ahead: Can Apple Fix This?

The long-term solution likely requires action from Apple itself. The company could provide a proper API for VPN and proxy apps to handle APNS traffic without disrupting other system services. iOS 18 and the upcoming iOS 19 have introduced various networking changes, but none have directly addressed this proxy-APNS conflict.

Apple's App Store guidelines already permit VPN and proxy apps, acknowledging their legitimate use cases. Providing better infrastructure for these apps to coexist with system services like APNS and Personal Hotspot would benefit both developers and users. Until then, proxy app developers will continue to implement workarounds that inevitably create new edge cases and conflicts.

The proxy tool community has been actively discussing potential solutions, including more intelligent traffic splitting that could route APNS traffic through the proxy while leaving Continuity-related traffic on the direct path. Some developers are experimenting with Network Extension API features that could provide finer-grained control, but Apple's documentation for these APIs remains sparse.

For now, users caught between Telegram notifications and Mac hotspot connectivity will need to manage the trade-off manually — a reminder that even in Apple's carefully curated ecosystem, the intersection of third-party tools and system services can produce unexpected and frustrating conflicts.