Firewall Software for Android ?

  • SpinRite v6.1 is Released!
    Guest:
    That's right. SpinRite v6.1 is finished and released. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Announcing “BootAble” – GRC's New Boot-Testing Freeware
    Please see the BootAble page at GRC for the whole story.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)


Intuit

Well-known member
Dec 27, 2020
80
21
Coming from Windows Mobile, I am completely new to Android. (busy stripping OEM crap out of my new phone now)

Anyway, my question is, do you have experience with firewall products that perform like these?
That means, an ability to review logs and tailor rules without stupid restrictions.

I've had some experience with other Windows products that literally ignore and/or rewrite rules on errant assumptions such as, users won't know what they're doing or/and don't want to block their own phone-home traffic. Nothing annoys me more than products like those.

Thanks.
 
Last edited:
I have removed my content
 
Last edited by a moderator:
Interesting; thanks. I'll have to learn IPTables. (been putting that off for awhile LoL) Ooh... look'n it up now https://app.itpro.tv/course/linux-xk0004/filtering-trafficiptables ...

1613848721265.png
 
I have removed my content
 
Last edited by a moderator:
I should have added that, in order to use AFWall+, you have to be rooted. (I kinda assume that everyone in this forum roots their Android phones.)

There is a non-root firewall that I use on my (yikes) Tracfone. But it's not very good in that it won't stop google from spying on you.
Thanks for the additional info. @Barry Wallis is right. 😄 Still in the process of answering a few million questions LoL.

First thing I do with any computer from HP/Dell/Asus/Toshiba is use PnPUtil to export the drivers from the OEM O/S, format the partition, (not the drive,) go directly to Microsoft and load a fresh O/S from a bootable Flash drive. There are literally zero risks/consequences from doing this and the time required is minimal. Looking to find out whether it's possible/practical to do the same with the phone... export the OEM drivers, wipe it and install an O/S directly from Google and whether there are any risks/consequences? (not buying an expensive Pixel phone)

Not entirely firm on what it means to run rooted or how it differs from jailbreak. Obviously have more access to the file and operating system. I suspect jailbreak just refers to an ability to run unsigned apps from outside Google's App Store.
I'd imagine one can sideload unsigned code in developer mode but I guess the phone leaves developer mode the minute it's restarted; at which point those apps won't run?
The sites often discuss rooting as if it's permanent. Looking to answer whether that's necessarily the case?

Does rooted simply mean that you're running an unsigned bootloader and/or kernel?
Is it correct to say that apps running on a rooted phone won't necessarily have any more access than those on one that isn't rooted?
A rooted phone will still be able to auto-update?
 
I have removed my content
 
Last edited by a moderator:
Android isn't just like Unix, it IS Linux, just with a Java based phone UI on top. For example, on my Nexus 6P, long out of support, and stuck on Android 8, in the "About phone" page it says Android version 8.1.0 Kernel Version 3.10.73-g309d642 (gcc version 4.9.x-google 20140827(prerelease) (GCC) ) android-build@abfarm909 #1 Thu Oct 11 19:39:39 UTC 2018

That's a hella version, but that means it's based on Linux kernel 3.10.73. (For now... Google is working on their next project named Fuchsia. https://www.forbes.com/sites/barryc...roid-replacement-fuchsia-moves-a-step-closer/ )

Anyway, rooting the phone means enabling code to be able to run as root. This is a benefit, and a danger. I would NOT root my phone, because it gives the opportunity to malware to get root too.
 
I have removed my content
 
Last edited by a moderator:
I should have added that, in order to use AFWall+, you have to be rooted. (I kinda assume that everyone in this forum roots their Android phones.)

There is a non-root firewall that I use on my (yikes) Tracfone. But it's not very good in that it won't stop google from spying on you.
I've never rooted my Android phones. Don't understand why I'd want to. My wife and I both use Tracfone - she has a Galaxy A51 and I have a Pixel 4a. Each of us pays less that $20/month for our service.
 
I suggest turning on Private DNS (an Android system configuration setting somewhere in the Networking section) and using NextDNS with it. You will need to setup a free account at nextdns.io. NextDNS has optional logs and you can also setup white and black lists for domains where the default behavior is not what you want. And, they defend against CNAME cloaking.

The NextDNS logs are on their website, for logs on the Android device itself, I suggest Intra, a DNS app from Google. It can be configured to use NextDNS.
 
Adguard is the best I have found https://adguard.com/en/welcome.html

I have tried many and this is the best all around...it also includes a free VPN of free 3GB of use each month.... no other is better than this one...trust me just try it and test it... You can also encrypt your DNS...

Aside from that the most invasive of them all is "Google Play services" this services even uploads your GPS location constantly using Google maps... without your permission. You know Google maps is free so it is installed by default in all androids.

You cannot disable that service from your phone so you need to disable it from a computer...
 
Last edited by a moderator: