Many long-time users of PDAs and smart phones have become accustomed to the idea of carrying around personal information on their mobile devices, including data that normally requires a higher degree of security: passwords, credit card numbers, and other financial information. For these users, the lack of a secure personal information storage application—aka a “wallet app”—was a serious deficiency in the initial iPhone release last year.
Fortunately, like many other applications, the iPhone SDK has allowed numerous developers to step up to the plate and fill this demand. The current plethora of applications available for the iPhone include a number of completely new entries, iPhone-based versions of traditional desktop applications, and now iPhone versions of a couple of Palm and PocketPC applications, as well. Today, we review the entire gamut of “wallet” applications that are available on the App Store with a focus on flexibility, usability and security. Some of these apps are focused on single purposes such as password management, while others offer a much more flexible personal information management capability. Obviously each user’s needs will be a bit different, but the current selection of apps should offer something for everyone. We’ve listed our highly recommended (A) and generally recommended (B) apps on the first page of this article; read on to page 2 if you want to see okay (C-rated) apps, and page 3 for seriously deficient (D/F-rated) apps.
A couple of key points wallet app users care about are backups and security. Specifically, people want to know answers to questions such as, “Is my data backed up when using these apps?” and “How secure is my data?”.
Backups: Good news. ALL of the applications we’ve reviewed here, and in fact the data from every application on your iPhone, is specifically backed up to your computer each time you sync with iTunes. With the exception of those applications that specifically provide desktop synchronization, this is the only backup you’re going to get, but as long as you’re syncing your iPhone regularly enough with iTunes, this will allow you to restore all of your data seamlessly in the event that your iPhone needs to be restored, or in the event that your iPhone is lost or damaged and you need a replacement. There is no difference in the quality of these backups or how they are handled; in fact, we specifically tested all of these applications to ensure that their data would be available after a restore, and they all passed with flying colors using the iPhone v2.1 OS.
Security: In applications of this nature, we consider data encryption to be a core requirement, and something that most users will logically expect from an app that claims to be “secure” enough to provide a repository for storing confidential financial and password information. An application that claims to be secure but does not even provide a basic level of encryption is dangerous, as you are trusting it with your private data, yet it can be easily compromised with little effort should somebody gain access to your iPhone or your iPhone backups.
Most—not all—of the applications we’ve reviewed provide encryption for your secure data, but several do not. We’ve given these applications our lowest rating as we consider this to be an extremely serious deficiency, and recommend that these apps be avoided until the developers implement at least a basic level of encryption. To provide an illustration of how serious this is, it took around 30 seconds using commonly-available tools to extract confidential data such as credit card numbers, passwords, and PINs from the iPhone backups of these insecure applications.
That having been said, we consider an application that offers even a basic level of encryption to be “good enough” for most users. We did not perform detailed cryptanalysis on these applications or worry too much about what level of encryption they support. It is our opinion that most developers who make loud claims of things like “military-grade encryption” are relying on imprecise terms for marketing purposes. For now, it’s fair to say that encryption is encryption, since if you actually have legitimate concerns about the possibility of somebody going to the effort to crack the encryption on your secure information, you probably should not be storing it on an iPhone in the first place.
eWallet ($10) is one of the most well-known and common secure wallet apps for portable devices, having been available on Palm and Windows Mobile devices for several years already. Its introduction into the iPhone world was somewhat expected, although the App Store business model has made it necessary for iLium to change their pricing model slightly. Previous PDA versions normally included the desktop application and mobile version bundled together in the same package, whereas the App Store does not really permit this type of bundling, requiring the desktop version to be purchased separately directly from the iLium web site. The iPhone version of the application sells on the App Store for $10, and the Windows desktop version can be purchased for an additional $10. A Mac version is currently not available, but is under development and expected by the end of the year.
eWallet is easily the single most configurable iPhone wallet application that we’ve reviewed, and provides one of the nicest wallet interfaces that we have seen. Unfortunately, this level of customization can be a two-edged sword: with the ability to specify custom card colors, background graphics and icons, it’s definitely possible to spend more time making your cards look pretty than actually storing your information.
In terms of item types, eWallet supports just about every type of item you could even think of storing, ranging from the obvious (credit cards, bank accounts, web passwords) to the more mundane (driver’s license, social security number) to the esoteric (clothing sizes, prescriptions, voter registration numbers). These item types are merely defined by the templates provided to get you started, but in reality each individual entry is completely customizable in terms of field names and content types on an item-by-item basis, and 15 additional detail fields are also provided for each entry type.
Item fields can be given a specific type, and contextually-appropriate data entry methods are used: entering data into a numeric field will bring up a numeric keypad, and entering into a date field will bring up a date browser. Hidden/masked fields are also supported, although these are treated as general text fields. Hidden fields are masked during viewing and can be tapped on to show the content of individual fields (passwords, PIN numbers, etc). Hidden fields are not masked during data entry, however. A separate “Notes” section is provided for each item, allowing extensive notes to be added.
Individual items show a graphical card-like representation of the item depending on the template used. Specific card types such as VISA and Mastercards will show the appropriate logos in a credit-card style, while other item types will simply show a generic “card” background. More detailed items can be viewed by tapping the “i” located in the bottom-right corner, which will “flip” the card around to show a table-style summary view of all fields.
Cards can be further customized by specifying a card color, choosing the general card style, adding notes, setting icons, and even choosing from either a supplied collection of background images, or a photo from your iPhone’s camera or photo library.
Rather than a single data store, eWallet supports the concept of multiple “wallets” which can each have their own password (or no password at all), and individual security settings and folders within each. Upon initial installation, eWallet provides a default “Sample” wallet with no password and some instructions and sample data to get you started. You can either customize this wallet further or return to the main screen and create a new wallet.
Each wallet also has its own security settings, such as whether or not automatic lock or intruder lockout is enabled for that wallet, and the auto lock time, number of invalid password attempts, and intruder lockout time for that particular wallet.
eWallet supports a folder/category structure within each wallet as well to help you further organize your items. Each folder can be set with a default item type/template, and folders can be nested within other folders.
Synchronization with the Windows desktop companion app works in much the same way as it does for other iPhone apps. Clicking the “Sync” icon will take you to a sync information screen, where you can either initiate a synchronization or set up a new sync. Choosing Sync Setup will take you through a step-by-step process of ensuring that your iPhone and PC are connected to the same network, that you have the appropriate wallet file open, and take you through “pairing” your iPhone eWallet app with the desktop eWallet software.
Ultimately, the only real deficiency in eWallet is that it does not support any kind of search feature—an unfortunate limitation in an application that is well capable of storing hundreds of different pieces of your personal information, but certainly not a serious show-stopper for most users, particularly given the very robust folder structure support. Unlike applications such as 1Password, eWallet on the iPhone is fully functional by itself, making the eWallet desktop application a companion app which is useful for synchronization and faster data entry, but certainly not required.
The bottom line is that eWallet is easily the most feature-rich, configurable, and graphically stunning wallet application we’ve reviewed on the iPhone, with the only real downside being that users looking for a simple no-frills app to store basic information may find eWallet to be a bit overwhelming. It should be noted that none of the advanced customization features are required to use eWallet, and the available templates mean that even users looking for a simple option will be able to get started without too much of a learning curve. iLounge Rating: A.
Like eWallet, SplashID ($10) has been the other mainstream app in the PDA secure wallet space, having appeared in Palm and Windows Mobile versions for several years. SplashData actually provides an entire suite of applications for handling other types of information such as shopping lists and financial accounts as well.
Like eWallet, SplashID is designed to be a complete solution between the mobile device and the desktop, rather than simply an iPhone-based extension of a popular desktop application. In fact, SplashID has always been focused more on the mobile device side, with the desktop app merely being a companion to manage and backup your data.
When you first run SplashID on the iPhone, it takes you through a fairly well-laid out quick start guide to go over the basic features and get you started, after which you’ll be prompted to enter a password and a password hint, and your iPhone SplashID database will be created.
SplashID supports a basic category structure to organize your items, and categories may be added, deleted or renamed. Items are organized within each category by item type. Entries for All Categories and All Types are available to browse through your entire SplashID database without any filtering.
The “Types” themselves merely define templates for different types of wallet items such as bank accounts, credit cards, frequent flyer memberships, web logins, and so forth. You can customize the existing templates themselves from the “Tools” menu and add new templates. However, each record is fully customizable with 10 fields that can be configured on a per-record basis regardless of the item type/template that was used to create that item.
SplashID does not use a concept of field types, such as numeric, text, and the like. All fields are treated as general text, although a “Masking” option is available for each field on a field-by-field and record-by-record basis. Further, rather than defining fields for information such as dates, URLs, and phone numbers, SplashID looks at the field content or field name to decide if any special handling should be enabled or that field. For example, give a field a name containing the word “Date” and a calendar button will appear beside the text entry field to allow you to use the date picker to enter a date. Likewise, fields containing the word “Phone” provide a link to dial the phone number directly, and fields that contain data that looks like a web site address (such as possessing a “www” prefix) provide a link to open the URL in the Safari browser.
SplashID also provides the ability to tag your entries from a pre-defined selection of icons, which can be applied to your templates, or customized on a per-item basis.
The app also supports a non-user-configurable intruder lockout feature. After five invalid access attempts, the SplashID database is locked for approximately 30 minutes. If you have actually forgotten your password, you can also choose to delete all of your data and start over.
In terms of desktop synchronization, SplashID is the only app we’ve reviewed that currently provides both PC and Mac desktop versions. Existing SplashID users coming from another platform will need to download the iPhone-specific desktop application, which can run alongside your existing installation of SplashID and import any existing SplashID data once you’ve set up the synchronization with your iPhone.
Setting up and performing a sync basically involves going to the “Tools” menu in SplashID on your iPhone and selecting the “Sync” option; SplashID will go out in search of an existing SplashID for iPhone app on your wireless network and initiate a sync process. If this is the first time syncing, the SplashID desktop will prompt you for your iPhone SplashID password and establish the association between the two devices. In the future, syncs will be performed seamlessly simply by accessing the “Sync” option while SplashID is running on your desktop and both devices are on the same Wi-Fi network.
Even as an iPhone-only app without the desktop sync, SplashID is one of the most functional and versatile secure personal information storage apps we’ve seen. It does not in any way require that you use the desktop application to provide full functionality, and is therefore a good value even if you’re only considering the iPhone app. The companion SplashID for desktop application is available for an additional $20, making the total price of the set $30. SplashID is one of only two applications to provide a robust iPhone app combined with desktop synchronization for a very affordable price. iLounge Rating: A.
1Password for the iPhone (Free) is an extension of the very popular and award-winning 1Password app for Mac OS X, allowing you to sync your 1Password data from your Mac onto your iPhone via Wi-Fi and carry it around with you. Best of all, Agile has chosen to make the iPhone application free, at least for a limited time, though if you’re looking for desktop synchronization, you will need to shell out an additional $40 for the 1Password application.
1Password is designed to store passwords, basic wallet items and secure notes. Each of these content types are also supported in the iPhone version, although you can only create and edit password and secure notes on the iPhone itself. Wallet items must be synced from the desktop application—in fact, the “Wallet” category does not even appear until this happens—and they are read-only on the iPhone itself, although you can add or edit notes to existing wallet items.
For users of the 1Password desktop client, the inability to add new wallet items or edit existing ones is unlikely to be a serious limitation for most, since this information generally does not change often. However, the inability to actually add wallet items to the iPhone version directly will limit the usefulness of 1Password on the iPhone for Windows users, or those Mac users who are not using the desktop version.
The 1Password desktop application was primarily designed to store web passwords and automatically fill web forms, and in fact the Agile team came up with a very interesting and unique solution to provide iPhone-based web password support months before the iPhone SDK was even available. They used an encrypted bookmarklet for the MobileSafari browser that could be synced to your iPhone via your normal Safari bookmarks.
1Password for the iPhone continues to support this somewhat, but since third-party applications cannot currently plug into the MobileSafari browser, 1Password provides its own integrated web browser for secure site sign-on. Tapping a link within a password item will open the 1Password browser and load the page in there with the appropriate sign-on fields already filled in. This method works pretty much as expected, although the built-in 1Password browser does not provide support for landscape orientation, making some pages unnecessarily cumbersome to deal with.
As with most iPhone apps that synchronize with your computer, 1Password synchronization occurs over Wi-Fi and is relatively straightforward to set up. Start 1Password on your computer and click the “iPhone” icon to ensure that iPhone synchronization is enabled. Once 1Password is running on your computer, iPhone sync is enabled, and your iPhone and your Mac are on the same Wi-Fi network, simply initiate synchronization from 1Password on the iPhone. The iPhone will display a five-digit code and the 1Password desktop will prompt you to enter this code to associate the two devices.
Once the iPhone version has been paired with the desktop version, future syncs can be initiated manually from the iPhone client whenever 1Password is running on your computer and both devices are on the same Wi-Fi network.
One very interesting and unique feature that 1Password provides is a two-factor authentication system. Both a PIN and a master password are specified when 1Password is first set up, and users can choose on an item-by-item basis which should be protected by the master password, and which items can be accessed with only a PIN. When you initially start 1Password, it merely prompts for the four-digit PIN, which gives you browse access to all of the items in your 1Password database. When you attempt to access an item that is protected by the master password, you are prompted specifically for this password.
By default, all new items synced from the desktop version of 1Password are protected by the master password, so if you want your items to be available with only a PIN, you must edit each item individually and turn OFF the “Master password protection” option. An ability to change this setting globally, or to base it on some type of category would probably be more useful, as would the ability to specify this option from the desktop version of 1Password.
1Password also provides a simple intruder lockout feature, similar to the iPhone’s own password lock system. After five invalid password attempts, 1Password will lock the user out for a fixed amount of time. This lockout duration increases with each additional invalid password attempt until a correct password is entered. In the case of the master password for accessing protected items, five invalid attempts will simply restrict access to those items’ content until the application is restarted.
1Password provides the ability to change the PIN and master passwords, and the ability to set the automatic lock timeouts for each level of password. A search function is also included for passwords and wallet items, although only item titles can actually be searched. The search function is not available for notes.
For users of the 1Password desktop application, the 1Password iPhone app is a natural fit, and works extremely well. Information is securely synchronized with 1Password on your Mac, placing all of your passwords, wallet items, and notes at your disposal. Passwords and notes can be added and edited and synced back to the 1Password desktop, and the integrated browser allows for seamless single-sign on to most web sites. For those users who are looking at using 1Password for the iPhone as a standalone application, it still does offer some appeal for storage of passwords and secure notes, and features such as automatic web-based login form filling, two-factor authentication, and intruder lockout do offer a certain appeal, as does the free price tag. It rates a B+ overall—an A- for desktop app users, and a B- for those who intend to use it without the desktop app. iLounge Rating: B+.
mSecure ($2) is currently being offered at an “introductory price.” It is a simple, straightforward secure information storage app for a variety of different types of information, including credit cards, web logins, bank accounts, clothing sizes, and much more. The main listing screen shows a summary of entries including detail fields that can be sorted/grouped either alphabetically or by type.
Sixteen different item types are supported with pre-defined fields, and these existing types can be customized or deleted, and new custom types can also be added. Fields can be set to display on the main screen or only on the item detail view. No hidden/masked fields are available.
Field types basically include text and numeric value types, with contextually-appropriate data entry for each field, so numeric entry fields bring up a numeric entry keypad, and special field types for URLs, phone numbers, and e-mail addresses which provide the ability for the field content to link to the appropriate application—clicking on a URL field will open Safari.
Further, a selection of custom icons is available within the application which can be associated with each particular item type.
The use of a password with mSecure is actually optional, and unlike most of the other apps we’ve reviewed, mSecure merely advises you to set a password at startup rather than forcing you to set one.
If you do choose to use a password, you have the option at login of either displaying the normal QWERTY keyboard or a numeric keypad for password entry, and mSecure will remember the last screen that was successfully used. This allows users who prefer a numeric password to use a numeric keypad by default. A password hint can also optionally be set and accessed by tapping the “Hint” link on the sign-on scren.
mSecure also offers a full-text search function which can search not only item titles, but any information contained within your mSecure database.
Lastly, mSecure offers some basic interface options, including the ability to choose from two different display font sizes and two different color themes.
mSecure is far from the most sophisticated of the applications we’ve reviewed, but for the very reasonable $2 price, it handles the basic task of keeping track of your personal information with an elegant simplicity while still offering a polished user interface and a decent level of customization. For users who want something very straightforward and secure to store their personal information and are not concerned with desktop synchornization, mSecure is one of the better choices available at its current price point. If the price goes up significantly, the rating relative to its competitors will drop correspondingly. iLounge Rating: B+.