To understand how Guardian Firewall works, you first must understand the meaning of two very important parts of our app, which provide the overall security and privacy that we promise.
What is a VPN?
VPN stands for Virtual Private Network – This is a service that your device connects to in order to encrypt and protect anything that you do while connected to the Internet. When you use your mobile device over the Internet, whether over cellular or Wi-Fi data, you are sending traffic or information to and from the websites and apps that you use. These websites can track your location while on the Internet and “learn” about you. Using a VPN can be imagined as using a tunnel to send this traffic or information allowing you to browse the Internet or use apps but they cannot see your information or “learn” about you, because your information is safe inside the tunnel and encrypted; meaning the information is concealed by being converted into scrambled data, between your mobile device and our Firewall/VPN servers. A VPN makes it so your IP address is coming from the VPN’s IP addresses and not your actual IP Address. In short, this creates a blanket of privacy for you to use the Internet without being spied on by marketing companies, data monetization companies, or other potentially malicious entities/individuals.
What is a Firewall?
A firewall is software that runs on a network (our Virtual Private Network aka VPN) that is designed to block unauthorized access to your personal data or information while still allowing you to use the apps and visit websites normally on your device. There are different types of firewalls regarding how they function but the end goal is the same: Block or prevent unwanted connections from your device as you normally use your computer, mobile phone or tablet.
Other existing solutions utilize custom DNS resolvers and/or “hosts” files in order to block specific connections. Guardian Firewall for iOS is unique in that it is a “true” firewall; In addition to having the ability to block DNS hostnames, it is capable of blocking connections to specific IPv4 or IPv6 addresses and ports, or block connections based on network packet content and/or metadata. Guardian Firewall’s backend is similar to Intrusion Detection System software seen in the enterprise, such as Suricata and Snort.
How it works - Free vs. Premium
When you turn on Guardian Firewall by pressing the Shield-G button, a secure connection is established between your device and our Firewall/VPN servers or (hosts). While you use your device normally, you may rest assured that all of your traffic or information is sent through our VPN and is fully encrypted using best-in-class IKEv2/IPsec with AES-256 encryption. Using this free version of Guardian Firewall, your traffic or information will be filtered through our firewall, and alerts in the Alerts tab will begin to populate, giving you a visual representation of the information trackers that have been detected by our firewall. This service is intended to sample your traffic and as such, will only connect for periods of time and will not include on-demand capability. This is meant to bring awareness as to the amount of requests of data that are happening on your device through the apps and websites you use. To make sure your data on your device stays on your device, upgrade to a paid subscription of Guardian Firewall.
When you turn on Guardian Firewall by pressing the Shield-G button, a secure connection is established between your device and our VPN servers or (hosts). While you use your device normally, you may rest assured that all of your traffic or information is sent through our VPN and is fully encrypted using best-in-class IKEv2/IPsec with AES-256 encryption. In addition to the Free tier capabilities, your network traffic and information will be filtered through our firewall, which is designed to block digital trackers from secretly collecting your information, and alerts in the Alerts tab will begin to populate giving you a visual representation of the data trackers that have been blocked. With the premium subscription to Guardian Firewall, the trackers detected by our firewall will be effectively blocked and your data will remain safely on your device and out of the hands of third parties. You may notice many of the same alerts populating in the Alerts tab but this is normal behavior as Guardian Firewall does not change the actual code in the app that is requesting to extract your data, rather, our app puts up a digital "wall" to block these requests and to prevent the data from leaving your phone and into a third party's hands for monetary gain. Premium Guardian Firewall also includes On-Demand capability to stay connected to our high speed VPN.
What VPN Encryption do you use?
IPsec/IKEv2 with AES-256 encryption. IKEv2 or (Internet Key Exchange version 2) is a VPN protocol that establishes the secure connection of communication between the VPN server and Guardian (in our case) on the user’s mobile device which is a VPN client. It first authenticates both the server and Guardian (client), and then proceeds to set the encryption so that outside elements cannot see or decrypt the information sent through this secure tunnel. AES-256 or (Advanced Encryption Standard 256 bit cipher) is among the highest standard of encryption available.
We do not support less secure protocols, such as L2TP and PPTP, as we do not want to open our user’s to the great risk of network traffic interception. We are actively exploring other more secure protocols, such as WireGuard, but have no timeline for implementation at this moment.
What is On-Demand?
On-demand is a function available through iOS that allows the VPN to attempt to automatically reconnect should there be any disconnection. This means a user will not have to manually reconnect if there is an interruption in connection to help preserve as constant a connection as possible when switching to different Wi-Fi Access Points or networks, in addition to switching between cellular and Wi-Fi networks.
Server Selection – Coming Soon!
How can I connect to different servers?
We are currently working on an update that will allow the user to change or select servers so please stay tuned! In the meantime, you may navigate to the Settings tab and select "Reset Configuration" to clear the old connection, then go to the Protect tab and press the Shield-G to connect.
This resets the connection to a server which is physically proximate to your region, in order to ensure the fastest connection available.
If you have changed your time in your device settings, this will also affect which server you connect to as it is based off of system time zones.
Whitelisting – Coming Soon!
Why do some of my Apps not work when Guardian is enabled?
We are currently working on a white-listing feature (a very popular request), which will allow some of these apps that reportedly do not play well with Guardian Firewall, to continue to work as normal without causing errors.
Name that App – Coming Soon!
How can I tell which app on my device is using the tracker?
We are currently working on a privacy-compliant technique to notify users of which apps are causing the alerts.
We purposely do not keep track of the apps installed on a user's device, so there are technical challenges associated with implementing this capability in a manner which is both compliant with App Store rules and respective of user privacy.
However, this is one of the most requested features that we are diligently working on a way to implement so that there are no questions of the privacy of our users. The idea is that regardless of which app contains trackers in it's coding, you may rest assured your data is not being leaked and in fact protected by Guardian Firewall running as you use your device normally.
Alerts of Trackers Blocked - What do they mean?
- Page Hijacker is an ad that takes over your screen giving you no way to exit out other than clicking their link (This type of aggressive ad will usually say “Congratulations!” and claim the user has won a prize).
- Data Tracker is a tracker that is known to take information such as app usage analytics, mobile device information, and other routine data which does not require specific device permissions. Not all Data Trackers are harmful, but we have determined it is best to block nearly all which we are aware of, in order to make it more difficult for entities to develop “shadow profiles” and datasets on users.
- Location Tracker is a tracker which hides within an app that has reason to request access to your location, such as a local news or weather app, but will also periodically send your GPS location to data monetization firms in order to profit.
- Mail Tracker is a tracker that tells a company sometimes where, when, and with what device that an e-mail was opened.
Will Guardian protect me even if I have location services turned on for specific apps?
Yes, Guardian will block the location tracker that belongs to a third party, but the app will still be able to access your location and function normally as you'd expect. This allows you to use certain apps such as Google Maps or Apple Maps but will deny the tracker within an app from taking the data from your device.
Does Guardian access or request location services?
No, instead, Guardian relies on system time zone in order to connect a user to the most proximate VPN node to ensure the fastest connection available.
Why does Guardian Firewall need to activate VPN upon initial setup?
The VPN is needed due to the nature of how our app works. It is a remotely hosted firewall in order to not burn battery life on the device as well as being always compatible with iOS.
Can Guardian stop a spy app that grabs user's contacts, audio recordings, photos, videos and more?
Yes, in certain scenarios, Guardian can block the information from getting out which would make the spyware useless. However, specifically tailored spyware (and/or “zero-day”) will not always be possible to stop, due to the evolving nature of such malicious software.
Our promise is that we will aggressively hunt for such entities and block them as expeditiously as possible in order to protect our users. We recommend that users who believe they may be a target of spyware utilize a defense-in-depth strategy involving multiple security solutions and behavior in order to best protect themselves.
Will Guardian block ads that takeover a page and block user from doing anything else?
Guardian is able to protect against 90% of page hijackers.
Does Guardian work with other VPNs?
We do not currently have support for other VPNs to run alongside Guardian. The way iOS is developed and the nature of using a VPN will only allow one VPN to work at a time to ensure your traffic flows through one secure tunnel and is not confused by attempting to run two VPNs simultaneously. You may have multiple VPN clients installed on your mobile device but only one enabled or connected at a time.
What is the difference between an antivirus and a firewall?
"Antivirus" traditionally resides on a device and can scan the device and anything stored locally on the device. iOS does not allow this. We instead scan the network traffic going to and from the device only, as that is all that Apple allows access to, so the functions performed are similar to that of an anti-virus per se, but we do not scan what is actually stored on device.
First True Firewall available for iOS, HOW?
To many, it would seem impossible for iOS to have a firewall app (as there has never been one available before now!) with the capabilities of Guardian Firewall and still remain approved by the App Store. A challenge indeed, but our sophisticated custom software has been very carefully designed to remain fully compliant with the App Store policies by conducting all filtering on the server-side, additionally causing almost no effect on device performance or battery life.
Does Guardian use MDM (Mobile Device Management) profile?
No, we have designed Guardian specifically in a manner that is 100% compliant with App Store policies, using only public APIs, and most certainly do not abuse APIs intended for MDM access like some apps have been doing in violation of the App Store guidelines.
Is there an API available for other VPN developers to integrate Guardian's blocking capabilities?
Currently, it is not available publicly. If we get interest from more providers, we will highly consider it.
My Alerts tab shows thousands of alerts. Will this slow my device down or take up too much storage?
We actually use a very compact database in order to store this information, so that folks can retain the full history and counts of what firms have been trying to track you. Check this by doing the following on your device:
Navigate to Settings > General > iPhone Storage and then tap "Guardian" in order to see that the space used will be probably less than 10 MB at most (That's about the size of 3 high-resolution photos!)
Does guardian store any customer information?
What is the Cost to use Guardian Firewall?
Our VPN feature is free, allowing you to encrypt your data while on public networks for short durations, even if you do not subscribe to the Firewall. Re-connect as often as you like, however, note that all of the tracker alerts in the Alerts tab will only be detected on the free tier.
All of our subscriptions include a free 7-day trial! Our Firewall feature has three separate subscription options which all include a high speed VPN connection with on-demand capability. The tracker alerts will show in the Alerts tab that they are blocked on any of the subscription tiers.
$9.99 USD per month
$26.99 USD for 3 months
$99.99 USD per year (Family plans and other discounts coming soon!)
Is the price per device or per Apple ID or is there an option for "family plan" or multi-device?
Currently Guardian Firewall supports one subscription purchase per Apple ID, which may be restored on up to five devices of the same Apple ID per Apple’s policy. A family plan option is in the works but does not support in-app purchases (subscriptions) at this time.
Privacy Bonus Points
- There is no login or account necessary to begin using Guardian Firewall.
- We do not log user’s sessions while connected to our VPN servers.
- All traffic sent while our VPN is connected is end-to-end encrypted and private.
Why are certain apps not working while Guardian is on?
Some apps might flag the use of a proxy and automatically prevent the user from accessing their services while Guardian Firewall is enabled. We are currently working on a white-listing feature (a very popular request), which will allow some of these apps that reportedly do not play well with Guardian Firewall, to continue to work as normal without causing errors. If you have experienced specific apps not working with Guardian Firewall enabled, please contact us with the name of the app that is not working for you by emailing us at firstname.lastname@example.org.
In the meantime, if you are experiencing difficulty with a certain app, please make sure to press the Shield-G in the home screen of Guardian to temporarily turn off protection in order to complete the function in the app you wish to use, and be sure to navigate back to Guardian Firewall to turn protection back on by pressing the Shield-G again.
What systems are compatible with Guardian Firewall?
Currently Guardian Firewall is only available on iOS and iPad. Official iPad support is in the pipeline and coming soon. With increasing interest in using one program across multiple devices, we are exploring a roadmap of development that would include many platforms for users to protect all of their devices.
Is Guardian Firewall available for Android?
Guardian Firewall is not currently available on Android. Our founder’s expertise in iOS is where our starting point of development began. Down the road, as we continue to grow, we would absolutely consider development paths to provide privacy offerings across many different platforms but this is not in the near future at this time.