[kernel] Do we need data security (aka a working firewall)?

 
kuhine
(Last edited by kuhine; 27th May 2012 at 10:06 PM.)
#1  
Junior Member - OP
Thanks Meter 2
Posts: 25
Join Date: Jun 2010
Default [kernel] Do we need data security (aka a working firewall)?

Dear kernel developer,

Do you have a firewall on your desktop computer?
I think the answer is "yes, of course!"

Why don't you want a firewall for your phone?
Your answer: "It is Linux, we don't need it!"

Sure?

In contrast to the "safe a.p.p.l.e market" we are free to get our applications from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email addresses)?

Solution:

There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:

DROIDWALL ( http://code.google.com/p/droidwall/ )

But this superb program needs some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')

I found only one working kernel+ROM which is DroidWall compatible: "Six OClock A.M." from user 'oclock',
( http://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).


Please, please, Froyo kernel developers: get the right parameters for kernel compilation, so we can use DroidWall.
Then everybody can decide for himself which application is allowed to send data over wifi or a mobile data connection.


Kind Regards
 
divvet
#2  
Member
Thanks Meter 0
Posts: 91
Join Date: Feb 2010
Location: Leicster
I knew Linux didn't need an antivirus, thought it still needed a firewall...
since I've always had one set up on my Linux installs... but then again, I'm a Linux noob.
 
mercianary
#3  
Senior Member
Thanks Meter 69
Posts: 722
Join Date: May 2010
Location: Brum
What about using the phone as a hardware firewall for your laptop when on public wifi?

I'd have no use for it personally but I am sure others might.
 
dieselboy
#4  
Senior Member
Thanks Meter 11
Posts: 455
Join Date: Jan 2008
You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.

You need a firewall to deny traffic to ports (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.

Please inform us of which ports are open on our Android phones? I mean open for inbound communication, which did not get opened due to software making an outbound connection.
I can do an NMAP to my Desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they don't usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...
 
safttuete
#5  
Junior Member
Thanks Meter 0
Posts: 8
Join Date: Feb 2009
Default iptables

Actually Android has a firewall installed, it's called iptables.
It's not a personal firewall... but those are just to get money from PPL without any advanced security... Linux does, by design, not have open ports... like Windows, where you need a program to close what shouldn't be open anyway... And when you install an app you see what the app wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user-scaring personal firewall.
 
kuhine
(Last edited by kuhine; 27th May 2012 at 10:06 PM.)
#6  
Junior Member - OP
Thanks Meter 2
Posts: 25
Join Date: Jun 2010
Quote:
Originally Posted by kuhine View Post
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
WiHerr
OK, a classic firewall looks only at the network ports in use and allows or disallows the communication: this type of firewall cannot tell the difference between a good and a bad data transmission (for example the firewall built into our wifi routers).

But extended versions of firewalls have built-in behavior control of applications:
I want to decide which application is allowed to communicate WITHOUT ANY USER CONTROL over wifi or a mobile data connection and which one is not.

- I want to stop (possible) spyware from sending my private data out
- I want to stop software from looking to its developer's server and stopping work when the developer says "stop, buy the new version - the old one is out of order now"

And in Linux there is a system function which has the information about which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel to activate these functions.

Please look at the Droidwall site and the screenshot of the software.

Regards
 
kuhine
(Last edited by kuhine; 27th May 2012 at 10:05 PM.)
#7  
Junior Member - OP
Thanks Meter 2
Posts: 25
Join Date: Jun 2010
Quote:
Originally Posted by safttuete View Post
Actually Android has a firewall installed, it's called iptables.
That is the point, but IPTABLES is not working on almost all Android kernels, except the oclock ROMs. Or am I wrong?

Droidwall is only a graphical frontend for iptables! Nothing more.


Every time we install new software (i.e. from the Android Market), we get a list displayed of what the program likes to do. And there is almost always "unrestrictive network use" for even the smallest widgets... I want to decline this network use, but it is a "take all or nothing" thing.

I'm not a modern facebook/twitter user: take all my data... here are some more private details... and here are photos and addresses from all my friends, too.

What is so scary about selecting some applications to stop from sending data?
And with a working iptables we can do so.



Dramatical continuance...
the real reason could be: there are some applications installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
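
The per-application filtering discussed in posts #6 and #7, as an added example (not written by any poster in this thread and not DroidWall's own code): a check for the kernel options the owner match needs, and a whitelist ruleset keyed on app UID. The chain name `appfw`, the interface patterns `wlan+` and `rmnet+`, the UIDs and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Mainline Kconfig symbols for the features named in the first post
# (iptables, multiport, iprange, owner match).
REQUIRED_OPTS="CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER
CONFIG_NETFILTER_XT_MATCH_OWNER CONFIG_NETFILTER_XT_MATCH_MULTIPORT
CONFIG_NETFILTER_XT_MATCH_IPRANGE"

# missing_kernel_opts FILE: print every required option that is not =y or =m
# in a kernel config file (for example a saved copy of /proc/config.gz).
missing_kernel_opts() {
    for opt in $REQUIRED_OPTS; do
        grep -Eq "^${opt}=(y|m)\$" "$1" || printf '%s\n' "$opt"
    done
}

# egress_rules "IFACES" UID...: print (never execute) a whitelist ruleset.
# Android gives each installed app its own UID, so the owner match can tell
# apps apart. Packets leaving on IFACES are dropped unless the sending
# socket belongs to one of the listed UIDs.
egress_rules() {
    ifaces=$1; shift
    for uid in "$@"; do
        case $uid in ''|*[!0-9]*) echo "invalid uid: $uid" >&2; return 1 ;; esac
    done
    echo "iptables -N appfw"                      # hypothetical chain name
    for i in $ifaces; do
        echo "iptables -A OUTPUT -o $i -j appfw"
    done
    for uid in "$@"; do
        echo "iptables -A appfw -m owner --uid-owner $uid -j RETURN"
    done
    echo "iptables -A appfw -j DROP"
}

# Constructed sample config: owner match not compiled in.
sample_config() {
    cat <<'EOF'
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
EOF
}

cfg=$(mktemp) && sample_config > "$cfg"
echo "missing: $(missing_kernel_opts "$cfg")"
egress_rules "wlan+ rmnet+" 10001 10023           # constructed UIDs, assumed interface patterns
rm -f "$cfg"
```

The printed rules only load on a kernel for which `missing_kernel_opts` prints nothing. Packets with no owning socket never match an owner rule and so fall through to the final DROP.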
 
uTauro
#8  
Junior Member
Thanks Meter 0
Posts: 21
Join Date: Sep 2007
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
 
Brut.all
#9  
Recognized Developer
Thanks Meter 333
Posts: 1,467
Join Date: Jul 2009
@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.

Quote:
Originally Posted by uTauro View Post
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
It's impossible for now. The Android convention is to give all required permissions to an app or not install it at all, so apps aren't designed to support a lack of permissions. Most of them will probably FC, even if you block out some minor feature.
G+ | apktool | Ingress broot mod | Brut Google Maps (dead)

If you like me you can buy me a droidburger!
 
kuhine
(Last edited by kuhine; 27th May 2012 at 10:05 PM.)
#10  
Junior Member - OP
Thanks Meter 2
Posts: 25
Join Date: Jun 2010
Hello all,

Today I saw a message that a wallpaper app sent private information to their server in China:

http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/


In the meantime I chose this ROM with "DROIDWALL" firewall support:

[ROM-FroYo AOSP] OpenDesire v2.3a


And I found a new free firewall program named "ANDFIRE", but I haven't tested it yet.

Tags
droidwall, firewall, iptables, kernel, security