[CLOSED][APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 470 30.6%
  • Saving battery

    Votes: 330 21.5%
  • Increasing privacy

    Votes: 850 55.4%
  • Blocking ads

    Votes: 989 64.4%

  • Total voters
    1,535
Status
Not open for further replies.
Search This thread

cobben

Senior Member
Nov 13, 2016
317
86
For access to special connections, carrier privileges are needed, which are not available to user apps for security reasons:

https://source.android.com/devices/tech/config/carrier

However, it is possible to query for all special connections, see here for all details:

https://developer.android.com/reference/android/net/NetworkCapabilities

What would be interesting to find out here, is if any apps - whether system, NSA, FCB, or random Chinese spyware :cool:- can use this data connection for something other than setting up emergency calls.

Not being an Android developer, with no knowedge of how all this actually works, I think it is best to assume that everyone who wanted a backdoor in my device has put one there.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,997
What would be interesting to find out here, is if any apps - whether system, NSA, FCB, or random Chinese spyware :cool:- can use this data connection for something other than setting up emergency calls.

Not being an Android developer, with no knowedge of how all this actually works, I think it is best to assume that everyone who wanted a backdoor in my device has put one there.
Assuming the device is not rooted, only the manufacturer can install software to use the special connection types. So, basically it boils down to the question if you trust the manufacturer.
 

netguarduser

Senior Member
Sep 17, 2016
198
38
Well, I assume you have control over the possibility of something in your device making an internet connection through the USB, bluetooth, and wifi.

If you have verified that these are not available to your device, then -

What remains is the cell radio modem.

I did mention previously that even without a simcard the modem will establish a 3G HSPA+ connection, without any trace of that activity appearing in Netguard.

No user accessible app that I know of can use that data connection, but obviously something has access to it or it could not have been established in the first place.

I don´t think that the connection is made this way, because when I "only use Wifi" then the source connection is from my Wifi local IP, or internal IP 192.168.1..., and when I use "4g only" then the source connection is an IANA address: 10.144.178.114
https://dnslytics.com/ip/10.144.178.114

So, the source address isn´t always from 4g, nor from my real IP, only from my local IP.
 

gangrenius

Senior Member
Feb 23, 2016
909
207
Google Pixel 6 Pro
Did you set VPN DNS addresses or are you using by default those given by the ISP DHCP server?


I didn't change anything from Android 9 on my OnePlus 7 pro except upgrade to Android 10.

I have the international version.

It's the normal settings nothing is changed. I can't understand why it's doing this

---------- Post added at 02:44 AM ---------- Previous post was at 01:59 AM ----------

Did you set VPN DNS addresses or are you using by default those given by the ISP DHCP server?


I did not change anything I simply upgraded from Android 9 on the OnePlus 7 pro international to the Android 10 update everything was left normal.
Such as filtering and UDP traffic nothing was customized or anyting it was working on 9 and now it doesn't work on 10
 

La_Globule

Senior Member
Nov 6, 2007
461
185
I didn't change anything from Android 9 on my OnePlus 7 pro except upgrade to Android 10.

I have the international version.

It's the normal settings nothing is changed. I can't understand why it's doing this

I've got the same issue as you (adblocking didn't work although everything was set) just after a monthly patch (not an upgrade) and I solved the problem by setting two DNS addresses in NG.
Maybe you can give a try.
 

netguarduser

Senior Member
Sep 17, 2016
198
38
I asked someone to do the same I did and in this case he uses a smartphone with LineageOS and with Netguard + Net Monitor.

The result is the same: connection to 2 Google servers, ipv6 and both were ESTABLISHED, 1 of them unencrypted and the other encrypted (like me) but in this case the domains are different than my result:

https://ibb.co/SVHMPmM

And another friend of mine with a Huawei mate 10 without Netguard doesn´t give any result to Google with Net Monitor...: weird.
 
  • Like
Reactions: Ines*

akib.javed

Member
Sep 29, 2019
25
4
Hi, I am using 'Shelter' app to isolate apps. Is there any option to block addresses of the particular apps using shelter?
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,997
Hi, I am using 'Shelter' app to isolate apps. Is there any option to block addresses of the particular apps using shelter?
You can try to install NetGuard in the Shelter, but be aware that this use case is not supported because too many Android version do not handle the VPN correctly in this situation.
 

cobben

Senior Member
Nov 13, 2016
317
86
I don´t think that the connection is made this way, because when I "only use Wifi" then the source connection is from my Wifi local IP, or internal IP 192.168.1..., and when I use "4g only" then the source connection is an IANA address: 10.144.178.114
https://dnslytics.com/ip/10.144.178.114

So, the source address isn´t always from 4g, nor from my real IP, only from my local IP.

What I was trying to get at, is how to isolate your device from any possible internet access under the booting up, before Netguard has had a chance to start up.

This is not trivial to do, depending on what wifis there may be near you, but especially wrt to which mobile operators may be available.

You can of course turn off WiFi in your device and put it in airplane mode, before rebooting it.

If things work as advertised, that should work and allow Netguard time to start up before you activate either the WiFi or the gsm network.

But there is no way to easily verify that neither WiFi nor the cell radio modem are activated surreptitiously by something in your device, i.e. without special monitoring equipment of some kind.

It does boil down to whether you trust the OEM manufacturer, the ROM you are running, and even Qualcomm I suppose.
 
Last edited:
  • Like
Reactions: netguarduser

netguarduser

Senior Member
Sep 17, 2016
198
38
What I was trying to get at, is how to isolate your device from any possible internet access under the booting up, before Netguard has had a chance to start up.

This is not trivial to do, depending on what wifis there may be near you, but especially wrt to which mobile operators may be available.

You can of course turn off WiFi in your device and put it in airplane mode, before rebooting it.

If things work as advertised, that should work and allow Netguard time to start up before you activate either the WiFi or the gsm network.

But there is no way to easily verify that neither WiFi nor the cell radio modem are activated surreptitiously by something in your device, i.e. without special monitoring equipment of some kind.

It does boil down to whether you trust the OEM manufacturer, the ROM you are running, and even Qualcomm I suppose.

Yes, I reboot the smartphone without internet in airplane mode.
But read what I posted before:
A smartphone with LineageOS + Netguard = the same result as mine with uid1000
A smartphone with Android without Netguard = no result or Google servers with uid1000

But, if Netguard doesn´t connect to Google, as Marcel said, then something weird must be happening...
 

cobben

Senior Member
Nov 13, 2016
317
86
Yes, I reboot the smartphone without internet in airplane mode.
But read what I posted before:
A smartphone with LineageOS + Netguard = the same result as mine with uid1000
A smartphone with Android without Netguard = no result or Google servers with uid1000

But, if Netguard doesn´t connect to Google, as Marcel said, then something weird must be happening...

As long as you don't have full control over the other devices, there is no way to run a controlled scientific test, and there is no way to know why different results are produced.
 
  • Like
Reactions: netguarduser

netguarduser

Senior Member
Sep 17, 2016
198
38
As long as you don't have full control over the other devices, there is no way to run a controlled scientific test, and there is no way to know why different results are produced.

Have you tested it?. It's just when you disconnect from internet and then connect again. In that moment check what Net Monitor will say in the first minutes.
I imagine you use Netguard.
Thanks

---------- Post added at 03:47 PM ---------- Previous post was at 03:45 PM ----------

As long as you don't have full control over the other devices, there is no way to run a controlled scientific test, and there is no way to know why different results are produced.

I'll check it in other smartphones without Netguard to see the result. And I'd like to know the results with Netguard running.
 
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 363
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and community supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.
    27
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    19
    NetGuard is currently in alpha testing phase.
    Please report any problems you encounter.

    It would be nice if someone could design an appropriate icon.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.