Very proud to report that Lightspeed client viaForensics received an Editor’s Choice award today from PC Magazine for its mobile security app, viaProtect.
Provides good advice for securing your phone. Web portal shows all app traffic, where it’s going, who sent it, and if it’s secured. Cross platform.
viaProtect pierces the slick veneer of mobile apps and lays privacy risks bare; it’s a must-have utility for Android users.
The eye-catching, finger-friendly designs of mobile apps enthrall users, but the slick façades often hide what the app is actually doing. Do you know if your favorite office app is sending data to a server in some other country? Do you know which of your apps aren’t encrypting their transmissions? viaProtect (free, Google Play) lets you know exactly what your apps are up to so you can decide whether they’re worth keeping.
There are two halves to viaProtect: a mobile app—Android (reviewed here) and iPhone—and an online dashboard. By itself, the Android app is a little lackluster, but it does provide some useful
tips on securing your phone. Taken as a whole, however, the dashboard and mobile app make viaProtect a fascinating tool for making smart choices about what you install on your phone.
Setup requires only an email address to create an account, although you can use a “guest” account with the viaProtect app. I highly recommend creating an account in order to get access to the powerful Web interface, but more on that later.
Weirdly, you are not prompted to create a password when you sign up. Instead, you wait for an email inviting you to finish creating your account online. The problem is that the app doesn’t tell you to wait for anything, nor is there any information on how to set up your account. You’ll need a computer handy to set up your viaProtect account. I wasn’t able to access the web portal to create an account using just my Nexus 7 but had no trouble using my PC, a Samsung Galaxy S4 Active, and a dollop of patience.
On the App
The app’s main page shows a visual gauge and an overall security score, similar to that of Bitdefender’s Clueful Privacy Advisor. You can tap to see the individual factors that go into your score, but not advice on how to fix potential issues. For instance, viaProtect might tell you that you should set a PIN code to lock your phone, but it doesn’t tell you how to do it. Clueful Privacy Advisor provides handy links for uninstalling risky apps, as well as links for shaming the developers on Twitter. The viaProtect main page also lets you access three reports on app activity. The Organization report shows to whom your apps are sending information. I could see, for example, that my phone sends 35 percent of its data to Amazon. The Countries report shows where your data is going, which in my case is 98 percent to the U.S., one percent to Japan, and less than one percent to the Netherlands. Last is the Encrypted Traffic report, which shows how much of your information is being secured in transit with a handy pie chart. From here I could easily see that about 67 percent of my phone’s traffic was encrypted, while a sizable 30 percent was not. Four percent of my data was listed as “unknown.” (Clearly, these do not add up to 100 percent, and are likely the result of some tricky rounding.) For now, seeing which apps are sending what information isn’t possible in the viaProtect app.
On the Web
Unfortunately, the app doesn’t let you drill down very far into the information or adjust how it’s gathered. For that, you’ll need to log in to viaProtect.com. From here, you can view data from every device you own running viaProtect, regardless of OS. You can view in-depth versions of the Organizations and Countries reports on the website, but most of the really useful information is available in a section called Netstat. Here you can see the apps on your device that are sending information, where it’s going, if it’s encrypted, and more. For example, I could see that my TouchPal X keyboard was still sending a lot of unencrypted information despite the fact that I disabled it. Clicking on the app’s row in the Netstat table took me to a page of detailed information about the app. Here I could see the list of IP addresses TouchPal was contacting and when. (I was troubled to see that it was sending data to seven different addresses at the exact same time.) Unfortunately, much of the information on the viaProtect site feels oddly organized. For example, a colorful pie chart on the dashboard page shows the different protocols being used by your phones—including encrypted HTTPS and unencrypted HTTP. But clicking on a pie wedge simply lists the devices which have used that protocol. One critical feature in viaProtect is the Sensor Config menu, found in the Setup portion of the website. While you can view these settings from the app, they’re only editable here. There are also a lot of them. Each section can be expanded to change how often data is
collected, or if it is collected at all. Handy icons show how much of an impact running the sensor will affect battery life, and which OS supports said sensor. Some of these settings—specifically, limiting uploads to when Wi-Fi is available and intervals for uploading data—should probably be moved to the app level. Other settings seem a bit odd, like ambient-light detection.
There are several panes on the viaProtect site that feel like vestigial enterprise-level features. There is information about how many of your enrolled devices are rooted, a breakdown of OSes, and, oddly, the current location for phones. This last feature is off by default. Despite all the information that viaProtect provides, it still requires a fair amount of interpretation. I know,
for instance, that some apps are assuredly communicating with advertisers, but I haven’t yet figured out how to glean that information from the app. I also can’t tell what specific information is being sent from my phone. The sensors to get this data are apparently in place and viaProtect tells me that future versions of the app will have reports for this information.
I really like what I can learn from this service, but I’d like to see more information presented within the app, the site’s navigation streamlined, and more explanation of the data in reports. Right now it’s very thought provoking, but it needs more context. Let’s be clear: viaProtect is not like other mobile security apps. It can’t detect malware, it won’t guard against phishing, and though it can display your device’s current location, it probably won’t help retrieve a stolen phone. It’s aimed at apps that leak your personal information, which is completely invisible to the average consumer. The developers tell me that future versions will be more active about detecting attacks like malware, in addition to providing insight into invisible app activities. I’m looking forward to that, but the
data provided by viaProtect is already a great resource for consumers. viaProtect is not perfect but it’s off to a strong start and best of all it’s totally free. It’s our Editors’ Choice for Android privacy utilities.
By Max Eddy
Max Eddy is a Junior Software Analyst investigating the latest and greatest apps for Android. Paranoid by nature, he’s also keeping an eye on emerging threats and countermeasures at
SecurityWatch with Neil Rubenking and Fahmida