Internet firewall?


Last Updated:

  1. ifb-online

    ifb-online Well-Known Member This Topic's Starter

    Joined:
    Mar 29, 2010
    Messages:
    725
    Likes Received:
    52
    As phones like the Desire can be online a lot, should we all be using Internet firewalls to prevent unwanted attention from hackers, etc.?

    Ian
     

    Advertisement
  2. wuthton

    wuthton Well-Known Member

    Joined:
    Aug 18, 2009
    Messages:
    378
    Likes Received:
    27
    I think that it is fairly unlikely that anybody will want to hack into your phone.

    If you are talking about viruses, trojans etc then, as Android is built from a Linux base it is inherently more secure than Windows, you have to physically install a virus yourself.

    Basically you do not need firewalls/virus scanners your main precaution is not to download apps from outside the Market unless you are sure it is a reputable source. Dodgy app sites are the most likely place you can pick up some malicious software.
     
  3. ifb-online

    ifb-online Well-Known Member This Topic's Starter

    Joined:
    Mar 29, 2010
    Messages:
    725
    Likes Received:
    52
    I already have an anti-virus app that scans installed files for embedded threats - (my understanding that these are more of a threat to a PC that is connected to the phone) but I would have thought that a network firewall would be a sensible precaution?

    Ian
     
  4. SUroot

    SUroot Well-Known Member Developer

    Joined:
    May 25, 2010
    Messages:
    23,925
    Likes Received:
    5,304
    They do exist. panda, droid wall, android firewall.
     
  5. ifb-online

    ifb-online Well-Known Member This Topic's Starter

    Joined:
    Mar 29, 2010
    Messages:
    725
    Likes Received:
    52
    The firewalls I have had a brief look at seem to be focused on call functions rather than Internet security?

    Ian
     
  6. SUroot

    SUroot Well-Known Member Developer

    Joined:
    May 25, 2010
    Messages:
    23,925
    Likes Received:
    5,304
    I don't think you would need one...

    This is interesting...

    "Security Architecture

    A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails), reading or writing another application's files, performing network access, keeping the device awake, etc.

    An application's process runs in a security sandbox. The sandbox is designed to prevent applications from disrupting each other, except by explicitly declaring the permissions they need for additional capabilities not provided by the basic sandbox. The system handles requests for permissions in various ways, typically by automatically allowing or disallowing based on certificates or by prompting the user. The permissions required by an application are declared statically in that application, so they can be known up-front at install time and will not change after that."




    Security and Permissions | Android Developers
     
  7. joll200x

    joll200x Member

    Joined:
    May 4, 2010
    Messages:
    19
    Likes Received:
    0
    in short, there's little chance of any network based attacks effecting any mobile device (unless it's launched by another mobile device on the same network segment). If you look at the IP address you get on your device, it will probably fall into one of the RFC1918 private address spaces, which aren't accessible from the 'internet'. Plus I doubt there are many services running on the device which are listening and able to be connected to anyway?
     
  8. gibbs1984

    gibbs1984 Well-Known Member

    Joined:
    Apr 11, 2010
    Messages:
    1,005
    Likes Received:
    212
    Linux has (so assuming Android has) a firewall built in already, it's called iptables.
     
  9. TonyXL

    TonyXL Active Member

    Joined:
    Jul 16, 2010
    Messages:
    34
    Likes Received:
    3
    Only DroidWall seems to be able to block internet traffic, the others only block phone/SMS. Unfortunately, DroidWall requires root.

    I think a firewall would be very handy. For example, LauncherPro has full access to your Gmail, and also has internet access permission. The devs claim that the internet access is only to enable the "Plus" features. But what's to stop them from going rogue and secretly forwarding small amounts of data from your Gmail to their server in Argentina? It would be great for a firewall program to alert you whenever an app (like LauncherPro) is accessing the internet.
     
  10. partridge

    partridge Well-Known Member

    Joined:
    Jun 1, 2010
    Messages:
    558
    Likes Received:
    57
    Actually, The Register ran a report today about an SMS trojan that offers you a game via a link that if installed causes the phone to fire off texts to premium rate text services.

    However, as was pointed out in the comments, this can only work IF you've ticked the box to allow untrusted apps to be installed (by default it is off) and it also requires you to be stupid enough to install something from an untrusted source in the first place :)

    Personally I'm not too worried about this, but anyone installing apps should always make sure they look at the red text to see what access the app has to the phone, I saw one app that wanted access to my contacts, but the purpose of the app had nothing to do with that side of my phone so I didn't install.
     
  11. w.maddler

    w.maddler Member

    Joined:
    Aug 11, 2010
    Messages:
    19
    Likes Received:
    3
    @wuthton: don't understimate mobile device's security relevance. They became not that different from a normal PC, at least from a "contents" point of view. I mean, most likely you use it to access your bank account, your email and whatever.

    As an example, your HTC Desire will always have ADB listening on port 16650. Are you sure no one at your office/school will ever be able to gain access to your device using an ADB flaw? ;)

    Another example, even more real and easier to find, what if you install a rogue app posing like being a innocuous one and instead being used by some black-hat in order to perform illegal activities (e.g. running a darknet)?

    Cheers,
    William
     
  12. mahkee

    mahkee Member

    Joined:
    May 4, 2010
    Messages:
    13
    Likes Received:
    0
    DroidWall I think might be what I am looking for, I wish there was a way to edit what an app has access to though :(
     
  13. ojosch

    ojosch Member

    Joined:
    Apr 15, 2010
    Messages:
    7
    Likes Received:
    8
    I just bought a used iPod touch on ebay for real cheap the other day for kicks (only $62) just to play around with since I've always been such an Android fan since I got my Droid, so I just wanted to see what I might be missing since I had never really used iOS before (so far I don't like it much at all since its UI is just too simple for me and doesn't offer much customization ability).

    But, I did stumble across a really good firewall in the Cydia Store today (it's jailbroken), the app's called IP Firewall. It works superb. I don't know if it uses iptables or not (it may, since it is a unix based OS), but after using it, I wish I could figure out how to port it over to Android though. It is that good. It gives you the classic prompt at each outgoing connection attempt and asks you how you want to handle it, and it gives you every possible option to choose from like: 'App1' tries to contact (port 80): m.example-url.com , options are: Allow once, Allow session, Allow all sessions, Always allow, Allow all connections for this app, Deny once, Deny session, Deny all sessions, Always Deny, Deny all connections from this app, Globally allow this URL on OS, and finally, Globally deny this URL on OS.

    I might go email that dev who made and ask if he'd be up to porting it over to Android. But for now, I'm going to try Droidwall out and see how it works. It doesn't have as many allow / deny choices, but it might at least work to kill the apps that I know have no business connecting to the www.
     
  14. admit

    admit Banned

    Joined:
    Apr 29, 2011
    Messages:
    26
    Likes Received:
    2
    Message originally posted
     
  15. andybog

    andybog Well-Known Member

    Joined:
    May 29, 2011
    Messages:
    114
    Likes Received:
    19
    Avast mobile internet security has a firewall but you do need to be rooted for it to work. You can deny any app outbound access, no idea if it blocks inbound connections though. It has been antivirus/malware tested against other solutions by av-test.org and came out on top, has loads of features eg anti theft, track device, wipe device remotley and can be made hard reset proof......its also free!

    Denying permissions an app has can be done using 'permissions denied' app. why does angry birds need to know where i am? Turn off a permission and test if the app can still work, some will just force close. All in the app is a bit hit and miss but works most of the time.....only works for user apps NOT system apps.

    Combine the two is best, if an app doesnt need internet access e.g angry birds, block it with the firewall and who cares if it knows where you are, it cant do anything with the data because its blocked via the firewall.
     

Share This Page

Loading...