A Firewall for iPhones

First thought I had upon discovering Guardian’s project:

“Why don’t mobile operating systems have firewalls, anyway?”

So you might say I’ve been looking forward to writing up my first experiences with Sudo Software’s Guardian firewall for iOS. So here are a few thoughts on it. Keep in mind the app is still in beta and isn’t a final release candidate just yet.

Once installed, the only thing a user needs to do to activate Guardian, is touch the blue G:

Then, the app just — starts doing things that are completely invisible to the user. It offers only two tabs at the bottom: Protect, which shows current status, and Alerts, which is user-friendly but arguably too oversimplified in its current state. We’ll get to that in a minute.

From a usability perspective, it’s probably the simplest design I’ve ever seen in the context of making an installation for such a complex app be user-friendly. There is no separate app or configuration for the coupled VPN service. Upon installation, the single installation does all the work, installs the app, configures a VPN. Even if you already have a VPN configured and in use, it will override and disable it. This might not fly well with corporate shops that use federated cloud-access brokers for identity and access management, though. As for performance it’s up and down. The service is still in beta so will likely have to scale to meet demand. I’ve had issues like certain other services timing out and having to restart the VPN to restore connectivity. But let’s talk about the pros.

This is a boon for anyone who has always believed (and continues to believe) that using a VPN is “complicated” or “kloogy.” The way the folks at Sudo designed the install and configuration experience could not be much better from a UX perspective. Win.

For me, the app blocks data tracking almost exclusively as my phone does not permit use of geotracking and other sensitive services. So the alerts I see have to do with those. Each person’s phone will behave differently, depending on the privacy settings they’re comfortable with. We can touch one of the blocked services to get another screen that offers no further detailed info, just a reiteration of the same.

The types of trackers I’ve seen Guardian block and/or detect so far are the usual suspects: AppFlyers, Adjust, and Scorecard Research. I’m curious what options users might have for blocking detected tracking in the final release (remember this is still in beta).

Personally, I’d like more access to what’s under the hood. I’m not talking iptables-type access necessarily but something more akin to what my default expectations are. For example, I’d like to see more granular explanations of blocked/detected services, options to deny/allow, and use my own VPN, or at least select specific servers in specific regions, for starters. As it is, it’s a little too simplistic for my taste. It’s almost too simple to trust.

In any case, this is a first and important step in the evolution of valuing and protecting our privacy on this platform. I can only imagine once it’s tweaking to users’ delight, Apple will assimilate it into the os in earnest. For now, this is a great start. Except for the price, which may turn some folks off, starting at $12.50/month. Keep in mind this also includes VPN, which most people do not use as a general practice and typically costs between $5-10 per month. Rolled into one, it’s not a terrible price point but will pose as an obstacle to wider adoption.

UPDATE – July 1, 2019

Since I last wrote about it, Guardian has added a cool new feature to Alerts. Version 1.0.10 now includes attempts at page hijacking:

guardian-firewall-iOS-hijacker
Guardian Firewall’s Page Hijack alerts

Also, the app’s overall performance has improved, including access to sites like Amazon that often block connections made from VPN and other proxy-type services, even though it makes no sense at all outside of being able to accurately geo-locate you when you connect, which is good for their marketing analytics. That deserves its own post.

For now, this is a useful tool and despite its relatively high cost, keep in mind it comes bundled with reliable (so far) service routed through the Netherlands.

I give it a good rating if only for what it’s taught me about what apps use what tracking platforms and how often they try to harvest usage data.

Additional ideas for improvements include more visibility into that, of course, and more overall functionality into the app itself.

For now, it’s about as user-friendly as it can possibly be made to be and the performance is consistent. I’ll keep posting updates as they emerge. Thanks for reading.