iPhone apps are designed to look great, but they don’t always do a great job of letting us know what they’re doing. When they send information back to developers or advertisers, it’s totally invisible to users. viaProtect (free, App Store) aims to give users a little more visibility by laying the chatty nature of apps bare. It’s intended to show you which apps are talking to what companies, where your data is headed, and if the data is encrypted.
There are two halves to viaProtect: an iOS app and an online dashboard. By itself, the app is a little lackluster, but it does provide some useful tips on securing your phone. It has the potential to be a great tool for consumers, and it demonstrates that potential very clearly on Android. Alas, the developers say that OS limitations imposed by Apple mean that it will be some time before iOS users can enjoy access to much of this thought-provoking data.
Setting up requires only an email address to create an account, though you have the option of using a “guest” account with viaProtect. I highly recommend creating an account in order to get access all the data from your other devices in the powerful Web interface, but more on that later.
Weirdly, you are not prompted to create a password when you sign up. Instead, you wait for an email inviting you to finish creating your account online. The problem is that nowhere in the app are you told to wait for anything, nor is there any information on how to set up your account. I wasn’t able to set up my viaProtect account using just a tablet but had no trouble using my PC, an iPhone 4s, and a dollop of patience.
On the App
The app’s main page shows a visual gauge and an overall security score, and its looks are a pleasing match with iOS. You can tap to see what factors go into your score, but these are a little lackluster on iPhone. The iOS app has access to only a handful of sensors and can’t access much information about your device. The iOS app could not, for instance, detect whether my device was locked with a PIN code.
The viaProtect main page also lets you access three reports on app activity. The Organization report shows to whom your apps are sending information. My report showed me that my iPhone 5c sends 40 percent of its connections to Amazon. The Countries report shows where your data is going; in my case this is 100 percent U.S. traffic. Last is the Encrypted Traffic report, which shows how much of your information is being secured in transit, displayed in a handy pie chart. I could easily see that 80 percent of my phone’s traffic was encrypted, while a not-insignificant 20 percent was not.
On the Web
Unfortunately, the app doesn’t let you drill down very far into the information or adjust how it’s gathered. For that, you’ll need to login to viaProtect.com. From here, you can view data from every device you own running viaProtect, regardless of OS.
When I look at my iPhone 4s and 5c on viaProtect, the available information is slim. All their traffic is lumped into a single category called Mobile User. It’s a different story for Android. In the Android version, there’s meaty information in the reports section, and the most interesting report is Netstat. Here you can see the apps on your device that are sending information, where it’s going, if it’s encrypted, and more. You can read more about what I found in my review of viaProtect for Android. The developers tell me that future versions will be able to provide more data for iOS users.
From the website you can view Organizations and Countries reports, but most of the really useful information is available in the Netstat report. Unfortunately, the information on the viaProtect site felt oddly organized across the board. For example, a colorful pie chart on the dashboard page shows the different protocols being used by your phones—including encrypted HTTPS and unencrypted HTTP. But clicking on a pie wedge simply lists the devices that have used that protocol, not the apps or services in question.
One critical feature in viaProtect is the Sensor Config menu, found in the Setup portion of the website. While you can view these settings from the app, they’re only editable here, and there are a lot of them. There are controls for watching which apps access your device ID and the sensors used to compile the Netstat data. Each section can be expanded to change how often data is collected, or if it is collected at all. Handy icons show how much of an impact running the sensor will have on battery life and which OS supports said sensor. Some of these settings—specifically, limiting uploads to when Wi-Fi is available and intervals for uploading data—should probably be moved to the app level. I’m not sure if other sensors, such as ambient light detection, are actually useful.
There are several panes on the viaProtect site that feel like vestigial enterprise-level features. There is, for examples, information about how many of your enrolled devices are rooted, a breakdown of OSes, and even the current location for enrolled phones. This last feature is off by default.
Despite all the information viaProtect provides, it still requires a fair amount of interpretation. I know, for instance, that some apps are assuredly communicating with advertisers, but I haven’t yet figured out how to glean that information from the app, nor what specific information is being sent. Unfortunately, that’s probably beyond the scope of what viaProtect can provide.
Let’s be clear: viaProtect is not like other mobile-security apps. It can’t detect malware, it won’t guard against phishing, and, though it can gather your location information, it probably won’t help retrieve a stolen phone. It also struggles with the restrictions of iOS, though the developers said that will change soon. They also said that future versions will do more to detect threats.
viaProtect does a decent job of providing information about leaks to Android users, simply because the platform is less restrictive than iOS is. If you have more than one kind of device, viaProtect can be a powerful tool. Its data is provocative, and it can provide the kind of information previously available only to experts, in a mostly digestible form.
Copyright © 2012 Ziff Davis, Inc