Despite Apple’s changes to macOS with the release of Big Sur, we can confirm that the Mullvad app still performs as intended by not allowing Apple’s own apps to bypass our VPN firewall.
Starting in Big Sur, the latest version of macOS released 12 November 2020, Apple excludes its own apps from the content filter provider APIs. As a result, any network monitoring and security software using these APIs is unable to detect and block traffic from Apple apps.
Mullvad does not use content filter provider APIs to secure the device. Instead, we use the Packet Filter (PF) firewall which is built into macOS. This is a packet firewall, not an application firewall, which means that it does not exclude packets from any apps, including Apple’s own apps.
In other words, our usage of the PF firewall does not allow Apple apps to leak when Mullvad VPN is blocking the Internet. We have verified this by observing the network traffic from outside of the Apple machine.