The user has to be more careful. If he has installed any official Iranian apps (like banking or communication) or even visits such a website their IP address will be recorded and most certainly looked into. Even if they use split tunneling for domestic websites, some apps intentionally try to ping unreachable servers from Iran (For instance "Bale" might ping a sentry instance hosted outside of Iran, normally inaccessible from the domestic intranet) to catch the more careful users.