[kernel] Do we need data security (aka a working firewall)?

kuhine

Member
Jun 6, 2010
27
2
Dear kernel developer,

do you have a firewall on your desktop computer?
I think, the answer is "yes, of course!"

Why don't you want a firewall for your phone?
Your answer: "It is linux, we don't need it!"

Sure?

In contrast to the "safe a.p.p.l.e market" we are free to get our application from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email addresses)?

Solution:

There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:

DROIDWALL ( http://code.google.com/p/droidwall/ )

But this superb program needs some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')

I found only one working kernel+rom, which is DroidWall compatible: "Six O´Clock A.M." from user 'oclock',
( http://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).


Please, please froyo-kernel-developer: get the right parameters for kernel compilation, so we can use DroidWall.
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.


Kind Regards
 
Last edited:

divvet

Senior Member
Feb 27, 2010
91
0
Leicster
i knew linux didn't need an antivirus, thought it still needed a firewall...
since I've always had one set up on my linux installs... but then again, I'm a linux noob.
 

mercianary

Senior Member
May 30, 2010
728
75
Brum
What about using the phone as a hardware firewall for your laptop when on public wifi?

I'd have no use for it personally but I am sure others might.
 

dieselboy

Senior Member
Jan 18, 2008
540
20
You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.

You need a firewall to deny traffic to ports (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.

Please inform us of which ports are open on our Android phones? I mean open for inbound communication of which did not get opened due to software making an outbound connection.
I can do an NMAP to my Desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they don't usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...
 

safttuete

Member
Feb 6, 2009
8
0
iptables

Actually Android has a firewall installed, it's called iptables.
It's not a personal firewall... but those are just to get money from PPL without any advanced security... Linux does, by design, not have open ports... like Windows where you need a program to close what shouldn't be open anyway... And when you install an app you see what the app wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user-scaring personal firewall
 

kuhine

Member
Jun 6, 2010
27
2
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
WiHerr

OK, a classic firewall is looking only to the used network-ports and allow or disallow the communication: this type of firewall can not make a difference between a good and bad data transmission (for example the firewall built-in in our wifi-routers).

But extended versions of firewalls have a built-in behavior control of applications:
I want to decide, which application is allowed to communicate WITHOUT ANY USERCONTROL over Wifi or a mobile data connection and which one not.

- I want to stop (possible) spyware from sending my private data out
- I want to stop software looking to their developers server and stop working when the developer says "stop, buy the new version - the old one is out of order yet"

And in linux there is a system function, which has the information, which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel, to activate these functions.

Please look to the Droidwall site and the screenshot of the software.

Regards
 
Last edited:
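
The kernel requirement raised in the opening post and in the post above (iptables plus the multiport, iprange and owner matches) can be checked against a kernel config before flashing. This is an added example, not part of the thread and not DroidWall's own script; it assumes the mainline Kconfig symbol names listed in `REQUIRED_OPTS`, and the function names, sample config and UID 10057 are constructed for illustration.

```shell
#!/bin/sh
# Mainline Kconfig symbols assumed to correspond to the features named
# in the thread: iptables, filter table, multiport, iprange, owner match.
REQUIRED_OPTS="CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER CONFIG_NETFILTER_XT_MATCH_MULTIPORT CONFIG_NETFILTER_XT_MATCH_IPRANGE CONFIG_NETFILTER_XT_MATCH_OWNER"

# Reads a kernel config on stdin and prints, space-separated, every
# required option that is neither built in (=y) nor a module (=m).
missing_netfilter_opts() {
    cfg=$(cat)
    missing=""
    for opt in $REQUIRED_OPTS; do
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=(y|m)$"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s\n' "$missing"
}

# Prints the kind of per-application rule a frontend can only install
# when the owner match exists: reject all output from one app UID.
# Refuses anything that is not a plain number, so the string can never
# carry extra shell syntax.
owner_block_rule() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid uid" >&2; return 1 ;;
    esac
    printf 'iptables -A OUTPUT -m owner --uid-owner %s -j REJECT\n' "$1"
}

# Constructed sample: iptables is present, but two matches are missing.
SAMPLE_CONFIG='CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set'

printf 'missing: %s\n' "$(printf '%s\n' "$SAMPLE_CONFIG" | missing_netfilter_opts)"
printf 'example rule: %s\n' "$(owner_block_rule 10057)"

# On a device whose kernel exposes its config (CONFIG_IKCONFIG_PROC):
#   zcat /proc/config.gz | missing_netfilter_opts
```

An empty result from `missing_netfilter_opts` means the kernel has everything the per-UID rule needs; a kernel that reports `CONFIG_NETFILTER_XT_MATCH_OWNER` as missing can run iptables but cannot filter by application.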

kuhine

Member
Jun 6, 2010
27
2
Actually Android has a firewall installed, it's called iptables.

That is the point, but IPTABLES is not working on almost all android kernels, except the oclock roms. Or am I wrong?

Droidwall is only a graphical frontend for iptables! Not more.


Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is almost "unrestrictive network use" for even the smallest widgets... I want to decline this network use, but it is a "take all or nothing" thing.

I'm not a modern facebook/twitter user: take all my data... here are some more private details... and here are photos and addresses from all my friends, too.

What is so scary to select out some applications from sending data?
And with a working iptables we can do so.



Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... ;) without switching to flight mode)
 
Last edited:

uTauro

Member
Sep 19, 2007
22
0
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
 

Brut.all

Inactive Recognized Developer
Jul 27, 2009
1,471
353
@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.

I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.

It's impossible for now. Android convention is to give all required permissions to an app or don't install it at all, so apps aren't designed to support lack of permissions. Most of them will probably FC, even if you will block out some minor feature.
 

kuhine

Member
Jun 6, 2010
27
2
Hello all,

today I saw the message, that a wallpaper app sent private information to their server in china:

http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/


In the meantime I chose this rom with "DROIDWALL" firewall support:

[ROM-FroYo AOSP] OpenDesire v2.3a


And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
 
Last edited:

Daelyn

Senior Member
Dec 17, 2006
671
155
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
WiHerr


Checked ANDFIRE out. Seems to work fine on my DeFrost 2.2c release. Will check it out further. Interface looks very similar to DroidWall and that also seems to work fine on my device.

Will have to investigate further, but it's a good idea to get it working.
 

bertrand13

Senior Member
Jul 9, 2008
59
7
Marseille
That is the point, but IPTABLES is not working on almost all android kernels, except the oclock roms. Or am I wrong?

Droidwall is only a graphical frontend for iptables! Not more.


Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is almost "unrestrictive network use" for even the smallest widgets... I want to decline this network use, but it is a "take all or nothing" thing.

I'm not a modern facebook/twitter user: take all my data... here are some more private details... and here are photos and addresses from all my friends, too.

What is so scary to select out some applications from sending data?
And with a working iptables we can do so.

WiHerr


Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... ;) without switching to flight mode)

Maybe you should have a look at LBE privacy....