Introducing Guardian Firewall for iOS

Guardian Firewall will be available in the App Store starting June 14 for those who pre-ordered, and will be available to the general public in July. The cost is $9.99/month (or $99.99 per year) for VPN + Firewall capabilities. VPN-only service will be available at no cost.

Starting over 2 years ago, we embarked on an ambitious mission: Build a tool that allows any electronic device owner in the world to take back control of their digital privacy. This tool needed to be incredibly easy to use, straightforward, and must allow a user to “set it and forget it” if they did not want to apply any customizations.

We could have cut plenty of corners and shipped an acceptable tool. Instead we took our time and did things right, putting together the most powerful tool and dataset we were capable of building. Why? Because we are working towards a broader set of goals: Make surveillance capitalism an untenable business model. Degrade the quality of shadow profiles maintained on every user of an internet connected device. Methodically expose every bad actor we can find. The electronic devices you bought and own should not be snitching on you at regular intervals. Something has gone very wrong, and the course must be corrected to prevent pervasive data collection from becoming an acceptable norm. It’s time for war. No stone will be left unturned.

Thousands of hours and a 5-month back-and-forth with Apple’s App Review team later, this mission has resulted in our creation of the first real firewall for iOS devices. Managed by a unique dataset that is the result of our continuous and exhaustive in-house research, Guardian Firewall updates instantaneously as we discover new threats to ensure that you don’t have to do any work at all. We will find threats before they can find you.

For the lifetime of our company, Guardian Firewall will utilize a simple tried-and-true business model: Accepting currency for a product that people find valuable. Full stop. We will never track our users. We will never collect personal information about our users. We consider user data to be a liability. Each and every technical design decision is built around that concept.

What does Guardian Firewall do?

The initial 1.0 release of Guardian Firewall primarily does one thing, and it does it well: Block those trying to track you, and tell you who they are as well as what types of data they likely tried to collect.

We have a whole lot more queued up for subsequent releases, such as the ability to set custom firewall rules.

Privacy Research and Findings

We conducted an intensive review of code found within hundreds of thousands of apps (and the trackers embedded in them) in order to build the dataset which powers our firewall software. Throughout this ongoing process, at various points, we determined it best to publicly disclose particularly egregious issues that were likely to be of public interest in hopes of enacting positive change.

Examples of public disclosures include the following:

AccuWeather, a popular weather app for iOS, was sharing user location information with a third-party location tracking service even if users declined to grant the app Location Services access. An inadequate public response was issued, and the tracking code in question was quickly removed from AccuWeather’s iOS app.

Uber was granted exclusive access to powerful capabilities in iOS which could allow it to access raw user screen data, allegedly in order to improve performance in their Apple Watch app. This capability was quickly removed after public disclosure.

Onavo Protect, a Facebook-owned VPN app, abused the Packet Tunnel Provider functionality in iOS to continuously send analytics while running in the background. The app was removed from the App Store months later by Facebook at the request of Apple, due to Facebook’s inability to produce a variant of the app which was compliant with the App Store Guidelines. Onavo Protect was later available on iOS once again using a disguised “research” app targeted at teenagers, until disclosure of this fact, causing Apple to swiftly revoke Facebook’s code signing certificate. On May 6, Facebook shut down Onavo entirely.

Many popular iOS applications such as GasBuddy, PayByPhone Parking, Perfect365, Tapatalk, Tunity, and YouMail were found to use code from various data monetization companies to track the daily whereabouts of users. Location Services permissions were granted to the apps by users under a more innocuous premise, such as the ability to “provide local gas prices” or similar functions relevant to the host app.

Further public disclosures of this kind will be published on our Research page.

More About App Data Sourcing

In order to effectively keep track of all known trackers being used on iOS, we periodically scan the App Store and use custom automated tooling to decompile, disassemble, and index the contents of iOS apps. Over the course of the last four years, we have developed this custom toolset which now gives us an unprecedented level of insight into network connections, security/privacy issues, and any other information we need from iOS apps.

This capability allows us to monitor changes in real time as trackers are added, updated, and removed from apps. We can easily find out what types of data are sent to external servers, and that is why each alert in the app is able to describe what we prevented from going out by blocking the connection.

Screening app traffic in a preliminary manner so that we know what it will look like adds an attractive privacy benefit: We can inform users with reasonably high confidence what types of data were present in the connections we blocked, without actually needing to analyze content from the network packets as they flow through the firewall. Remember: we consider users’ personal data to be a liability, not an asset.

What is unique about Guardian Firewall?

Existing apps with similar capabilities typically suffer from a few limitations. Those which use the Content Blocker API are restricted to connections occurring within Safari. Those which use a local proxy running in a Packet Tunnel Provider app extension tend to unnecessarily burn up the limited power resources of the phone and are using an unsupported API which could get restricted at any time in an OS update. Those which route DNS requests through a custom server in order to “filter” by returning an invalid result are not fully effective, since they are limited to DNS requests: as an example, they would not be able to block connections to the IP address of a prohibited server for which the device already has a cached DNS response.
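The DNS-filtering limitation described above can be reproduced in a few lines. This is an added example, not Guardian's code or dataset: the hostnames, the documentation-range addresses and the `ip_filter_allows` check (a simplified stand-in for any filter that inspects the connection's destination address) are constructed for illustration.

```python
import ipaddress

# Constructed blocklist: tracker hostname -> addresses (RFC 5737 test ranges).
TRACKERS = {"tracker.example": {"203.0.113.10"}}
SINKHOLE = "0.0.0.0"  # the "invalid result" a filtering resolver returns


class FilteringResolver:
    """DNS-level filter: it only sees lookups that actually reach it."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.queries_seen = []

    def resolve(self, name):
        self.queries_seen.append(name)
        return SINKHOLE if name in TRACKERS else self.upstream[name]


class Device:
    """Client with a local DNS cache, as apps and OS resolvers keep."""
    def __init__(self, resolver, cache=None):
        self.resolver = resolver
        self.cache = dict(cache or {})

    def destination_for(self, target):
        try:  # literal IP address: no DNS lookup happens at all
            return str(ipaddress.ip_address(target))
        except ValueError:
            pass
        if target not in self.cache:  # on a cache hit the resolver is never asked
            self.cache[target] = self.resolver.resolve(target)
        return self.cache[target]


def ip_filter_allows(dst_ip):
    """Network-layer check on the destination address of the connection."""
    blocked = set().union(*TRACKERS.values())
    return dst_ip not in blocked


def run(target, cache=None):
    """Return (dns_filter_stopped_it, ip_filter_stopped_it) for one connection."""
    upstream = {"tracker.example": "203.0.113.10", "news.example": "198.51.100.7"}
    resolver = FilteringResolver(upstream)
    dst = Device(resolver, cache).destination_for(target)
    return dst == SINKHOLE, not ip_filter_allows(dst)
```

A fresh lookup of `tracker.example` is sinkholed by the resolver, but the same destination reached through a pre-populated cache or a literal IP never touches the resolver and is stopped only by the address-level check.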

We took a different approach, ensuring little to no impact on device battery, using a design which also allows easy portability to other platforms and is completely future-proof against any API changes in iOS. The Guardian Firewall app has been designed to simply act as a client for remotely hosted VPN servers running custom fully-featured firewall software with a configurable JSON API which the device can use to generate pseudonymous EAP access credentials, pull in alerts for recently blocked traffic, and automatically check for physically proximate servers to connect to (in order to reduce latency and improve speeds).

Due to the nature of this design, it is important for you to understand that this process involves sending your internet data through our secure firewall servers. In order to mitigate any privacy concerns associated with handling potentially personal internet data, Guardian Firewall is designed with no sign-up process, and no information entry about yourself whatsoever. A simple tap on the G-Shield button is enough to start protecting your digital privacy.

Our lack of information collection may raise an important question: How are we able to differentiate between a free and a paying user? Well, the only information we need to know is if the user sent us a payment. This allows us to simply use a digital receipt, which is generated on your phone when you make a purchase in the app, as your “all access pass” to our VPN servers and their corresponding APIs. Therefore, Guardian Firewall has no need to ask for any personal information or keep any kind of record about you at all.

Whether you’re extremely technical or barely feel comfortable holding a phone, we feel confident that Guardian provides a sophisticated solution with a simple design that works for everyone.

Get Guardian Firewall

Guardian Firewall will be available in the App Store starting June 14 for those who pre-ordered, and will be available to the general public in July.

Thank you for your time. Please feel free to contact us via Twitter (@guardianiosapp) or e-mail (hello@guardianapp.com) with any inquiries.