diff --git a/ipn/local.go b/ipn/local.go
index 58db16565..d1edb742a 100644
--- a/ipn/local.go
+++ b/ipn/local.go
@@ -1549,7 +1549,8 @@ func (b *LocalBackend) TestOnlyPublicKeys() (machineKey tailcfg.MachineKey, node
 // clients. We can't do that until 1.0.x is no longer supported.
 func temporarilySetMachineKeyInPersist() bool {
 	//lint:ignore S1008 for comments
-	if runtime.GOOS == "darwin" || runtime.GOOS == "android" {
+	switch runtime.GOOS {
+	case "darwin", "ios", "android":
 		// iOS, macOS, Android users can't downgrade anyway.
 		return false
 	}
diff --git a/net/dnscache/dnscache.go b/net/dnscache/dnscache.go
index 63afb2168..fe9fc99ea 100644
--- a/net/dnscache/dnscache.go
+++ b/net/dnscache/dnscache.go
@@ -25,7 +25,7 @@ func preferGoResolver() bool {
 	// There does not appear to be a local resolver running
 	// on iOS, and NetworkExtension is good at isolating DNS.
 	// So do not use the Go resolver on macOS/iOS.
-	if runtime.GOOS == "darwin" {
+	if runtime.GOOS == "darwin" || runtime.GOOS == "ios" {
 		return false
 	}
 
diff --git a/portlist/poller.go b/portlist/poller.go
index e950bb596..9e98022b1 100644
--- a/portlist/poller.go
+++ b/portlist/poller.go
@@ -7,7 +7,6 @@ package portlist
 import (
 	"context"
 	"errors"
-	"runtime"
 	"time"
 
 	"tailscale.com/version"
@@ -34,7 +33,7 @@ type Poller struct {
 // NewPoller returns a new portlist Poller. It returns an error
 // if the portlist couldn't be obtained.
 func NewPoller() (*Poller, error) {
-	if runtime.GOOS == "darwin" && version.IsMobile() {
+	if version.OS() == "iOS" {
 		return nil, errors.New("not available on iOS")
 	}
 	p := &Poller{
diff --git a/types/logger/rusage_nowindows.go b/types/logger/rusage_nowindows.go
index c5d0e706d..48446717b 100644
--- a/types/logger/rusage_nowindows.go
+++ b/types/logger/rusage_nowindows.go
@@ -19,7 +19,7 @@ func rusageMaxRSS() float64 {
 	}
 
 	rss := float64(ru.Maxrss)
-	if runtime.GOOS == "darwin" {
+	if runtime.GOOS == "darwin" || runtime.GOOS == "ios" {
 		rss /= 1 << 20 // ru_maxrss is bytes on darwin
 	} else {
 		// ru_maxrss is kilobytes elsewhere (linux, openbsd, etc)
diff --git a/version/prop.go b/version/prop.go
index f13aa8ff4..302209c09 100644
--- a/version/prop.go
+++ b/version/prop.go
@@ -10,17 +10,16 @@ import "runtime"
 func IsMobile() bool {
 	// Good enough heuristic for now, at least until Apple makes
 	// ARM laptops...
-	return runtime.GOOS == "android" ||
-		(runtime.GOOS == "darwin" && (runtime.GOARCH == "arm" || runtime.GOARCH == "arm64"))
+	return runtime.GOOS == "android" || isIOS
 }
 
 // OS returns runtime.GOOS, except instead of returning "darwin" it
 // returns "iOS" or "macOS".
 func OS() string {
+	if isIOS {
+		return "iOS"
+	}
 	if runtime.GOOS == "darwin" {
-		if IsMobile() {
-			return "iOS"
-		}
 		return "macOS"
 	}
 	return runtime.GOOS
diff --git a/version/prop_ios.go b/version/prop_ios.go
new file mode 100644
index 000000000..a6fb9ea75
--- /dev/null
+++ b/version/prop_ios.go
@@ -0,0 +1,9 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ios
+
+package version
+
+const isIOS = true
diff --git a/version/prop_notios.go b/version/prop_notios.go
new file mode 100644
index 000000000..f2a5c0152
--- /dev/null
+++ b/version/prop_notios.go
@@ -0,0 +1,9 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !ios
+
+package version
+
+const isIOS = false
diff --git a/wgengine/userspace.go b/wgengine/userspace.go
index 2b4ff7db8..1ef4dd61f 100644
--- a/wgengine/userspace.go
+++ b/wgengine/userspace.go
@@ -397,7 +397,7 @@ func (e *userspaceEngine) handleLocalPackets(p *packet.Parsed, t *tstun.TUN) fil
 		return filter.Drop
 	}
 
-	if runtime.GOOS == "darwin" && e.isLocalAddr(p.DstIP4) {
+	if (runtime.GOOS == "darwin" || runtime.GOOS == "ios") && e.isLocalAddr(p.DstIP4) {
 		// macOS NetworkExtension directs packets destined to the
 		// tunnel's local IP address into the tunnel, instead of
 		// looping back within the kernel network stack. We have to
@@ -609,8 +609,7 @@ func forceFullWireguardConfig(numPeers int) bool {
 	// On iOS with large networks, it's critical, so turn on trimming.
 	// Otherwise we run out of memory from wireguard-go goroutine stacks+buffers.
 	// This will be the default later for all platforms and network sizes.
-	iOS := runtime.GOOS == "darwin" && version.IsMobile()
-	if iOS && numPeers > 50 {
+	if numPeers > 50 && version.OS() == "iOS" {
 		return false
 	}
 	return false