[kernel] Do we need data security (aka a working firewall)?

OP kuhine

11th July 2010, 08:02 PM   |  #1  
OP Junior Member
Dear kernel developer,

Do you have a firewall on your desktop computer?
I think the answer is "yes, of course!"

Why don't you want a firewall for your phone?
Your answer: "It is linux, we don't need it!"

Sure?

In contrast to the "safe a.p.p.l.e market" we are free to get our application from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email addresses)?

Solution:

There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:

DROIDWALL ( http://code.google.com/p/droidwall/ )

But this superb program needs some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')

I found only one working kernel+rom, which is DroidWall compatible: "Six O´Clock A.M." from user 'oclock',
( http://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).


Please, please froyo-kernel-developer: get the right parameters for kernel compilation, so we can use DroidWall.
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.


Kind Regards
Last edited by kuhine; 27th May 2012 at 11:06 PM.
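An added example (not from the thread and not DroidWall's own code): a check, run on the build machine, of whether a kernel config enables the netfilter features named in the post above. The Kconfig symbols are mainline Linux options; that this set is what DroidWall requires is an assumption based on the post, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables the netfilter
# pieces the post lists (iptables, multiport, iprange, owner match).
# Assumption: this symbol set is what a per-app firewall frontend needs.
REQUIRED="CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER
CONFIG_NETFILTER_XT_MATCH_MULTIPORT CONFIG_NETFILTER_XT_MATCH_IPRANGE
CONFIG_NETFILTER_XT_MATCH_OWNER"

# check_config FILE: prints "<symbol> <builtin|module|missing>" per symbol,
# returns 0 only if every symbol is built in or available as a module.
check_config() {
    cfg=$1
    rc=0
    for sym in $REQUIRED; do
        # Take the last assignment; "# CONFIG_X is not set" never matches.
        case $(grep -E "^${sym}=" "$cfg" | tail -n 1) in
            *=y) state=builtin ;;
            *=m) state=module ;;
            *)   state=missing; rc=1 ;;
        esac
        echo "$sym $state"
    done
    return $rc
}

# Constructed sample config: owner match disabled, iprange as a module.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
EOF
}

# For a kernel that exports its config (CONFIG_IKCONFIG_PROC):
#   zcat /proc/config.gz > /tmp/config && check_config /tmp/config
tmp=$(mktemp)
sample_config > "$tmp"
check_config "$tmp" || echo "kernel lacks options needed for per-app filtering"
rm -f "$tmp"
```

A symbol reported as `module` still needs the matching module loaded on the device before iptables can use it.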
11th July 2010, 10:05 PM   |  #2  
Member
I knew Linux didn't need an antivirus, thought it still needed a firewall...
since I've always had one set up on my Linux installs... but then again, I'm a Linux noob.
12th July 2010, 12:09 AM   |  #3  
mercianary
Senior Member
What about using the phone as a hardware firewall for your laptop when on public wifi?

I'd have no use for it personally but I am sure others might.
12th July 2010, 01:40 AM   |  #4  
dieselboy
Senior Member
You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.

You need a firewall to deny traffic to ports (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.

Please inform us of which ports are open on our Android phones? I mean open for inbound communication of which did not get opened due to software making an outbound connection.
I can do an NMAP to my Desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they don't usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...
12th July 2010, 10:35 AM   |  #5  
Junior Member
iptables
Actually Android has a firewall installed, it's called iptables.
It's not a personal firewall... but those are just to get money from PPL without any advanced security... Linux does, by design, not have open ports... like Windows, where you need a program to close what shouldn't be open anyway... And when you install an app you see what the app wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user-scaring personal firewall.
12th July 2010, 10:39 AM   |  #6  
OP Junior Member
Quote:
Originally Posted by kuhine

So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
WiHerr

OK, a classic firewall looks only at the network ports in use and allows or disallows the communication: this type of firewall cannot tell the difference between a good and a bad data transmission (for example the firewall built into our wifi routers).

But extended versions of firewalls have a built-in behavior control of applications:
I want to decide which application is allowed to communicate WITHOUT ANY USER CONTROL over wifi or a mobile data connection and which one is not.

- I want to stop (possible) spyware from sending my private data out
- I want to stop software looking to their developer's server and stop working when the developer says "stop, buy the new version - the old one is out of order yet"

And in Linux there is a system function, which has the information, which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel, to activate these functions.

Please look to the Droidwall site and the screenshot of the software.

Regards
Last edited by kuhine; 27th May 2012 at 11:06 PM.
12th July 2010, 12:01 PM   |  #7  
OP Junior Member
Quote:
Originally Posted by safttuete

Actually Android has a firewall installed, it's called iptables.

That is the point, but IPTABLES is not working on almost all android kernels, except the oclock roms. Or am I wrong?

Droidwall is only a graphical frontend for iptables! Not more.


Every time we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is almost "unrestrictive network use" for even the smallest widgets... I want to decline this network use, but it is a "take all or nothing" thing.

I'm not a modern facebook/twitter user: take all my data... here are some more private details... and here are photos and addresses from all my friends, too.

What is so scary to select out some applications from sending data?
And with a working iptables we can do so.



Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
Last edited by kuhine; 27th May 2012 at 11:05 PM.
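An added example (not from the thread and not DroidWall's own code) of the per-application filtering discussed in the two posts above: a generator that prints iptables commands for a whitelist built on the owner match (`-m owner --uid-owner`). The chain name, the interface patterns and the UIDs are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print iptables commands for a per-application egress
# whitelist built on the owner match. Nothing is executed here.
CHAIN=appfw                  # hypothetical chain name
WIFI_IF="wlan+ eth+"         # assumed Wi-Fi interface patterns
MOBILE_IF="rmnet+ ppp+"      # assumed mobile-data interface patterns

# emit_iface IFACE "UIDS": allow the listed UIDs on IFACE, reject the rest.
emit_iface() {
    for uid in $2; do
        echo "iptables -A $CHAIN -o $1 -m owner --uid-owner $uid -j RETURN"
    done
    # Needs the REJECT target; DROP works too but apps then wait for timeouts.
    echo "iptables -A $CHAIN -o $1 -j REJECT"
}

# gen_rules "WIFI_UIDS" "MOBILE_UIDS": returns 2 on a non-numeric UID so
# that untrusted input never ends up inside a generated command line.
gen_rules() {
    for uid in $1 $2; do
        case $uid in
            ''|*[!0-9]*) echo "invalid uid: $uid" >&2; return 2 ;;
        esac
    done
    echo "iptables -N $CHAIN"
    echo "iptables -A OUTPUT -j $CHAIN"
    for ifc in $WIFI_IF;   do emit_iface "$ifc" "$1"; done
    for ifc in $MOBILE_IF; do emit_iface "$ifc" "$2"; done
}

# Constructed sample: UID 10023 may use Wi-Fi and mobile data,
# UID 10041 Wi-Fi only; every other UID is rejected on both.
gen_rules "10023 10041" "10023"
```

Packets with no owning socket never match `-m owner`, so in this layout they fall through to the final REJECT on each listed interface.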
12th July 2010, 02:25 PM   |  #8  
Junior Member
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
13th July 2010, 01:08 PM   |  #9  
Recognized Developer
@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.

Quote:
Originally Posted by uTauro

I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.

It's impossible for now. Android convention is to give all required permissions to an app or don't install it at all, so apps aren't designed to support lack of permissions. Most of them will probably FC, even if you will block out some minor feature.
29th July 2010, 11:21 PM   |  #10  
OP Junior Member
Hello all,

Today I saw the message that a wallpaper app sent private information to their server in China:

http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/


In the meantime I chose this rom with "DROIDWALL" firewall support:

[ROM-FroYo AOSP] OpenDesire v2.3a


And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
Last edited by kuhine; 27th May 2012 at 11:05 PM.
