1. Check out our companion app, Forums for Android! Download from Google Play

Internet firewall?

Discussion in 'Android Devices' started by ifb-online, Jun 21, 2010.

  1. ifb-online

    ifb-online Well-Known Member
    Thread Starter
    78

    Mar 29, 2010
    725
    52
    78
    Male
    Journalist and publisher
    Hemel Hempstead, UK
    As phones like the Desire can be online a lot, should we all be using Internet firewalls to prevent unwanted attention from hackers, etc.?

    Ian
     

    Advertisement

  2. wuthton

    wuthton Well-Known Member
    43

    Aug 18, 2009
    378
    27
    43
    Yorkshire, UK
    I think that it is fairly unlikely that anybody will want to hack into your phone.

    If you are talking about viruses, trojans etc then, as Android is built from a Linux base it is inherently more secure than Windows, you have to physically install a virus yourself.

    Basically you do not need firewalls/virus scanners your main precaution is not to download apps from outside the Market unless you are sure it is a reputable source. Dodgy app sites are the most likely place you can pick up some malicious software.
     
  3. ifb-online

    ifb-online Well-Known Member
    Thread Starter
    78

    Mar 29, 2010
    725
    52
    78
    Male
    Journalist and publisher
    Hemel Hempstead, UK
    I already have an anti-virus app that scans installed files for embedded threats - (my understanding that these are more of a threat to a PC that is connected to the phone) but I would have thought that a network firewall would be a sensible precaution?

    Ian
     
  4. SUroot

    SUroot Well-Known Member
    1,123

    May 25, 2010
    23,925
    5,304
    1,123
    UK Technical Lead; Desktop Support
    Riddlesden, West Yorkshire, UK
    They do exist. panda, droid wall, android firewall.
     
  5. ifb-online

    ifb-online Well-Known Member
    Thread Starter
    78

    Mar 29, 2010
    725
    52
    78
    Male
    Journalist and publisher
    Hemel Hempstead, UK
    The firewalls I have had a brief look at seem to be focused on call functions rather than Internet security?

    Ian
     
  6. SUroot

    SUroot Well-Known Member
    1,123

    May 25, 2010
    23,925
    5,304
    1,123
    UK Technical Lead; Desktop Support
    Riddlesden, West Yorkshire, UK
    I don't think you would need one...

    This is interesting...

    "Security Architecture

    A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails), reading or writing another application's files, performing network access, keeping the device awake, etc.

    An application's process runs in a security sandbox. The sandbox is designed to prevent applications from disrupting each other, except by explicitly declaring the permissions they need for additional capabilities not provided by the basic sandbox. The system handles requests for permissions in various ways, typically by automatically allowing or disallowing based on certificates or by prompting the user. The permissions required by an application are declared statically in that application, so they can be known up-front at install time and will not change after that."




    Security and Permissions | Android Developers
     
  7. joll200x

    joll200x Member
    15

    May 4, 2010
    19
    0
    15
    Senior technical engineer
    UK
    in short, there's little chance of any network based attacks effecting any mobile device (unless it's launched by another mobile device on the same network segment). If you look at the IP address you get on your device, it will probably fall into one of the RFC1918 private address spaces, which aren't accessible from the 'internet'. Plus I doubt there are many services running on the device which are listening and able to be connected to anyway?
     
  8. Linux has (so assuming Android has) a firewall built in already, it's called iptables.
     
  9. TonyXL

    TonyXL Active Member
    16

    Jul 16, 2010
    34
    3
    16
    Northern Virginia
    Only DroidWall seems to be able to block internet traffic, the others only block phone/SMS. Unfortunately, DroidWall requires root.

    I think a firewall would be very handy. For example, LauncherPro has full access to your Gmail, and also has internet access permission. The devs claim that the internet access is only to enable the "Plus" features. But what's to stop them from going rogue and secretly forwarding small amounts of data from your Gmail to their server in Argentina? It would be great for a firewall program to alert you whenever an app (like LauncherPro) is accessing the internet.
     
  10. partridge

    partridge Well-Known Member
    78

    Jun 1, 2010
    558
    57
    78
    Actually, The Register ran a report today about an SMS trojan that offers you a game via a link that if installed causes the phone to fire off texts to premium rate text services.

    However, as was pointed out in the comments, this can only work IF you've ticked the box to allow untrusted apps to be installed (by default it is off) and it also requires you to be stupid enough to install something from an untrusted source in the first place :)

    Personally I'm not too worried about this, but anyone installing apps should always make sure they look at the red text to see what access the app has to the phone, I saw one app that wanted access to my contacts, but the purpose of the app had nothing to do with that side of my phone so I didn't install.
     
  11. w.maddler

    w.maddler Member
    16

    Aug 11, 2010
    19
    3
    16
    @wuthton: don't understimate mobile device's security relevance. They became not that different from a normal PC, at least from a "contents" point of view. I mean, most likely you use it to access your bank account, your email and whatever.

    As an example, your HTC Desire will always have ADB listening on port 16650. Are you sure no one at your office/school will ever be able to gain access to your device using an ADB flaw? ;)

    Another example, even more real and easier to find, what if you install a rogue app posing like being a innocuous one and instead being used by some black-hat in order to perform illegal activities (e.g. running a darknet)?

    Cheers,
    William
     
  12. mahkee

    mahkee Member
    15

    May 4, 2010
    13
    0
    15
    that
    cincy
    DroidWall I think might be what I am looking for, I wish there was a way to edit what an app has access to though :(
     
  13. ojosch

    ojosch Member
    6

    Apr 15, 2010
    7
    8
    6
    I just bought a used iPod touch on ebay for real cheap the other day for kicks (only $62) just to play around with since I've always been such an Android fan since I got my Droid, so I just wanted to see what I might be missing since I had never really used iOS before (so far I don't like it much at all since its UI is just too simple for me and doesn't offer much customization ability).

    But, I did stumble across a really good firewall in the Cydia Store today (it's jailbroken), the app's called IP Firewall. It works superb. I don't know if it uses iptables or not (it may, since it is a unix based OS), but after using it, I wish I could figure out how to port it over to Android though. It is that good. It gives you the classic prompt at each outgoing connection attempt and asks you how you want to handle it, and it gives you every possible option to choose from like: 'App1' tries to contact (port 80): m.example-url.com , options are: Allow once, Allow session, Allow all sessions, Always allow, Allow all connections for this app, Deny once, Deny session, Deny all sessions, Always Deny, Deny all connections from this app, Globally allow this URL on OS, and finally, Globally deny this URL on OS.

    I might go email that dev who made and ask if he'd be up to porting it over to Android. But for now, I'm going to try Droidwall out and see how it works. It doesn't have as many allow / deny choices, but it might at least work to kill the apps that I know have no business connecting to the www.
     
  14. admit

    16

    Apr 29, 2011
    26
    2
    16
    Message originally posted
     
  15. andybog

    andybog Guest

    Avast mobile internet security has a firewall but you do need to be rooted for it to work. You can deny any app outbound access, no idea if it blocks inbound connections though. It has been antivirus/malware tested against other solutions by av-test.org and came out on top, has loads of features eg anti theft, track device, wipe device remotley and can be made hard reset proof......its also free!

    Denying permissions an app has can be done using 'permissions denied' app. why does angry birds need to know where i am? Turn off a permission and test if the app can still work, some will just force close. All in the app is a bit hit and miss but works most of the time.....only works for user apps NOT system apps.

    Combine the two is best, if an app doesnt need internet access e.g angry birds, block it with the firewall and who cares if it knows where you are, it cant do anything with the data because its blocked via the firewall.
     
Tags:

Share This Page

Loading...