Guardian Firewall claims to be the first proper firewall app for iOS. It works by routing all the network connections from your iPhone or iPad through a VPN, and then filtering out privacy-invading trackers on Guardian’s own servers.
The idea is that all the heavy lifting is done on those servers, so you don’t have to worry about battery drain, or on the iOS security features that prevent an app from futzing with your internet connection.
Sounds good, but should you trust Guardian Firewall?
First iOS firewall
The first caveat is that you need to trust Guardian Firewall developer Will Strafach and Sudo Security Group. You might know Strafach as a cybersecurity expert or as an iOS jailbreaker who gained notoriety under the name Chronic.
Currently, the Guardian Firewall website has only a single blog post, and the app is not available in the App Store. Seeing as all your data will be running through the Guardian Firewall servers, you should conduct a thorough investigation before installing it. Remember that even App Store apps are quite capable of stealing your data.
On the other hand, Daring Fireball’s John Gruber recommends the app and service. Glenn Fleishman wrote about the app and the people behind it for Fast Company in March.
Guardian Firewall vs. content blockers
Your iPhone and iPad already let you use content blockers to block trackers, cookies, ads and other malware. But these only apply to Safari. They do nothing to block applications from communicating any and all of the data they have on you, from your location, details of your menstrual cycle, sleep patterns and even passwords.
That’s where Guardian comes in. You pay $10 per month for the VPN/Firewall combo. The app itself is just a client for the VPN, and everything else is done on the servers. The developer says that no information is collected about you.
“We’ve done everything we can to make sure we can’t tell that it’s their device,” Strafach told Fleishman.
One neat feature of the app is that it pops up a notification whenever it blocks, or detects, a connection attempt from another app. This makes it the closest thing on iOS to the Mac app Little Snitch. This feature existed in early versions, but was removed for the final release “[Alerts] were too frequent and so we had to re-think how to handle it,” developer Will Strafach told me via Twitter.
I’d say it’s up to the user to determine if they would prefer to trust a privacy-first company, or their ISP. additionally, security conscious users like to have their traffic encrypted on any network they use.
— Will Strafach (@chronic) June 18, 2019
If you want to use Guardian Firewall but did not preorder it, you must wait until the public launch in July. That delay is perfect, as it gives you time to investigate and decide whether to trust the service. I’m leaning toward trusting it, but it’d be nice if you could opt out of, say, having your banking app redirected through the service. Or not. I don’t know, which is why I’m going to do a lot of reading about this.
A native iOS feature?
I’d be happier if Apple built this into iOS. Something like Screen Time, say, only for app connections instead of app usage. You could choose to grant or deny connections, and it wouldn’t even need a VPN.
Price: Free with in-app subscription
Download: Guardian Firewall from the App Store (iOS)