
Using a firewall in android

A lot of apps do not really need web access and work fine without such access. With many android apps, especially games, browsers, and the like having spyware elements that phone home, how effective is using a firewall to protect one's data? I ask because I am not familiar with the inner workings of android and wonder if apps can bypass firewalls in android. I use Avast Mobile Security which includes a firewall but wonder if - in android - data goes out anyway. Does it? How secure or insecure should I feel? Thanks.
 
Just stick to the well known developers and avoid unknown and unpopular games and apps at least before reading the reviews...
Wish it was that easy! Even wildly popular games like Angry Birds email home. Well known browsers like Dolphin, Boat Browser, etc. also send info home. Many apps want to sync to their clouds - which I do not do. Etc. etc. That is why I am using a firewall but am not knowledgeable enough about android to know of ways to bypass it.
I think everybody needs to be very careful with what they do on their phones, certainly nothing financial, but in the age of Facebook that advice is falling on deaf ears.
 
Upvote 0
A lot of apps do not really need web access and work fine without such access. With many android apps, especially games, browsers, and the like having spyware elements that phone home, how effective is using a firewall to protect one's data? I ask because I am not familiar with the inner workings of android and wonder if apps can bypass firewalls in android. I use Avast Mobile Security which includes a firewall but wonder if - in android - data goes out anyway. Does it? How secure or insecure should I feel? Thanks.

Be afraid, be very afraid ... it's healthy. :D

Since data transfers occur using the TCP/IP protocol (Dep't of Redundancy Dept.), a firewall inspects each and every packet to see if it matches the filtering rules. I'm not familiar with your Avast product, but advanced firewalls like netfilter can be customized to any degree desired by a knowledgeable user.

Let's say your "Married Birds" app needs to store your settings, score and gaming partners in the "cloud", so you grant your app such an "outbound" firewall rule. If the permissions on such a game allow it to collect location, contacts info or anything else, then those also are allowed to be transmitted outbound through the firewall.

There are also "inbound" rules to be considered ... will Google be allowed to "push" updates? Will your web-based cerberusapp.com be allowed to communicate with the phone's cerberus app after the phone gets stolen or misplaced?

Does the firewall app make pre-programmed assumptions about native apps' firewall rules?

Such apps as Avast, McAfee et al. presume little if any knowledge on the part of the user and might present popup dialogs any time such inbound/outbound decisions need to be made. Answering "Allow" may not necessarily function as one expects though, and may not necessarily protect your sensitive data.

So .... be afraid.
 
Upvote 0
I use AFwall (which is built upon Droidwall).
I'm not sure if it meets your definition of a real firewall or not, but I like it.

The advantages:
1 - very simple interface - set it up to allow or block each application individually.
2 - No overhead of a running program or service (it modifies iptables, whatever that means).
3 - Logging capability to identify what was blocked.
4 - Free.

How effective:
Tough to know. Droidwall had a few known vulnerabilities (like a time window during the reboot period when applications were not blocked) that were fixed by AFwall. I don't think any vulnerabilities have been identified for AFwall yet... yet being the operative word.

There is also Pdroid which controls other privacy sensitive features besides internet access. Looks interesting and useful. But the installation procedure is so complicated that I haven't tried it.
 
Upvote 0
I installed and looked at AFwall. Found it does no more than Avast Mobile Security's firewall. In fact the screens for which apps blacklists and whitelists are almost identical which reassures me to some extent. So will stay with Avast for now because of its other security features: lost phone alarm, distance deletions, etc.

Thanks for the suggestion. I appreciate it.
 
Upvote 0
Firewalls block access to the internet but they are not 100% effective, some spyware apps will get through.


Here is what seems to work for me:

First of all, I disable ipv6 and only use ipv4 in android mobile data in access point names in settings. If the android installation does not allow doing so in the current profile I just create and select a new profile with everything the same except for ipv4/ipv6 or ipv6 being changed to ipv4. The reason for this is because not all anti spyware apps work well with the ipv6 protocol. There are articles online on how to find access point names in settings, and creating a new profile is as simple as copying the data in the current profile.

In addition to afwall+ or another firewall (whichever works better on the device I am using although I have a preference for afwall+) I install classyshark 3xodus, adaway, blokada, autostarts, shelter and net monitor.

In autostarts I disable start at boot and start after boot for apps that do not require it in order to function. Of course, I leave vital system apps unchanged.

In the firewall I block any apps that do not require internet access to function. There are two groups of system apps listed together. The group with settings as one of the apps is required for internet access so I leave that unchecked. I block the group with phone services in it without issues.

Blokada is a dns proxy that can also block things listed in predefined hosts files. In this program I set the dns server of choice to one of my preference (I do not know which one is the most private but any of them would be better for privacy than google's dns server or the ISP's dns server).

For auditing and blocking apps that bypass the firewall I install adaway and net monitor. This will sound a bit complicated but is simple enough once you have tried it out, and once set up you can audit an app for access to spyware servers in just 2 to 3 minutes. Adaway is generally an ad blocker but these two apps have a logging feature. In adaway you have to first enable ad blocking and then tap on the menu icon at the top left, then log dns requests, tap enable logging and then tap show results. In net monitor you have to tap the menu icon at the top left, then history, then the icon at the bottom right and then select which apps you want logged. After that tap the menu icon and then Main, then tap the icon at the lower right to start monitoring. Note: the logging in adaway and the monitoring in net monitor do not start automatically, you will have to start them any time you want network connections logged. After doing that, start the app you suspect to be spyware and after a few minutes check net monitor to see if the app has accessed the internet and what ip addresses were accessed. Do not have a web browser running while logging internet connections, it will access and prefetch various web sites and it would become hard to determine what is the browser and what is not. If anything shows up in the history in net monitor that is an actual ip address for any app in net monitor then you check adaway's logging to see if any dns queries occurred. To do this tap on show results under logging (if you have not done so) and swipe down from the top to show the latest dns queries.
You can use a web browser and type "what is (enter web address listed in adaway here)" to do a web search and identify the web address to determine whether or not it is spyware or, if the app is supposed to be blocked by the firewall, block all of the dns queries from the app (if you are certain they came from this app and are web addresses used by spyware) by tapping the block icon (circle with a line through it) beside the dns query. After that tap Apply at the bottom right corner and give adaway time to build the hosts file. When it is done, reboot your device so the changes can take effect. You may have to repeat checking an app several times because it may be programmed to access a different server if the current server is blocked. After that you can try having logging enabled every time you use the app for a while to make sure it is completely blocked.

For spyware apps you can not find alternatives for, you can try installing Shelter and using it to clone apps to a work profile and uninstall or disable them outside the work profile. A work profile reduces data access by apps to the apps and files outside of the work profile and this can work if the spyware app needs internet access to be useful or if you want to play games but keep the spyware games from accessing your data.

Classyshark 3xodus examines apps individually for known trackers and reports them, you can use this app to see which apps send data to third party telemetry servers. Warning: you can not unsee it, results can be disturbing. Just select the app, then give classyshark 3xodus a minute to scan the app and display results.

Of course, having an app that prevents selected apps from running in the background is also helpful, I suggest it. I just do not know which app is the best one to use.


Privacy is not an installation, it is a process with a learning curve. What I posted are suggestions and these days it takes some work to not always be under a corporate microscope. However, once this is achieved without losing anything you need it can feel quite liberating.
 
Upvote 0
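The audit procedure in the post above (match the IP addresses an app connected to against the DNS queries logged at the same time, then block the domains in a hosts file) can be sketched as follows. This is an added example, not part of the original post and not code from AdAway or Net Monitor; the log layouts, package names and addresses are constructed assumptions. It also separates out domains that another app contacted too (the browser problem the post mentions) and connections to IPs with no DNS query, which a hosts file cannot block.

```python
from collections import defaultdict

# Constructed sample data, not real AdAway or Net Monitor output.
# DNS log entries: (queried domain, resolved IPs), documentation-range addresses.
DNS_LOG = [
    ("telemetry.example.net", ["203.0.113.10"]),
    ("cdn.example.org", ["198.51.100.7", "198.51.100.8"]),
    ("scores.example.com", ["203.0.113.55"]),
]
# Connection log entries: (app package, remote IP).
CONN_LOG = [
    ("com.example.game", "203.0.113.10"),
    ("com.example.game", "203.0.113.55"),
    ("com.example.game", "192.0.2.99"),       # no DNS query seen for this IP
    ("com.example.browser", "198.51.100.7"),
    ("com.example.browser", "203.0.113.55"),  # browser hit the same host
]

def audit(app, dns_log, conn_log):
    """Return (blockable, shared, direct_ips) for one app.

    blockable: domains only this app contacted (hosts-file candidates)
    shared: domains other apps contacted too (ambiguous, review first)
    direct_ips: IPs with no DNS query; a hosts file cannot block these
    """
    ip_to_domains = defaultdict(set)
    for domain, ips in dns_log:
        for ip in ips:
            ip_to_domains[ip].add(domain)
    domain_apps, direct_ips = defaultdict(set), set()
    for pkg, ip in conn_log:
        domains = ip_to_domains.get(ip, set())
        if not domains and pkg == app:
            direct_ips.add(ip)
        for d in domains:
            domain_apps[d].add(pkg)
    mine = {d for d, apps in domain_apps.items() if app in apps}
    blockable = sorted(d for d in mine if domain_apps[d] == {app})
    shared = sorted(mine - set(blockable))
    return blockable, shared, sorted(direct_ips)

def hosts_entries(domains):
    # One hosts-file line per domain, pointing it at localhost.
    return [f"127.0.0.1 {d}" for d in domains]

if __name__ == "__main__":
    blockable, shared, direct = audit("com.example.game", DNS_LOG, CONN_LOG)
    print("\n".join(hosts_entries(blockable)))
    print("review before blocking:", shared, "| direct-IP:", direct)
```

Anything reported as a direct-IP connection has to be handled by the firewall rule for that app, since name-based blocking never sees it.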
