• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 447 30.8%

  • Saving battery

    Votes: 311 21.4%

  • Increasing privacy

    Votes: 795 54.8%

  • Blocking ads

    Votes: 936 64.5%
  • Total voters
    1,452
Search This thread
By:
Advanced…
Primokorn

Primokorn

Senior Member
Nov 17, 2012
11,464
7,709
M66B said:
Primokorn can you please try if you have the same problem with one of the no root firewalls from the Play store?
Click to expand...
Click to collapse
You are right. Same FC with NoRoot firewall app (VpnDialogs). I'm using Temasek rom which is pretty far from stock. I'll try again with another custom rom.

Sent using XDA One
 
  • Like
Reactions: TziMmysGr
Primokorn

Primokorn

Senior Member
Nov 17, 2012
11,464
7,709
M66B said:
Thanks for reporting back.

I will try if I can detect/catch this error. Are you willing to test this? I can work on this later this week.
Click to expand...
Click to collapse
No issue on Exodus rom. Do you know why NetGuard doesn't show up in the list of AFWall? Actually I have no control over NetGuard.
I'll keep Temasek rom for a while so you can count on me for your tests.
 
U

uncle_no_need_to_reply

New member
Oct 29, 2015
2
1
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:
 
M66B

M66B

Recognized Developer
Aug 1, 2010
25,129
52,634
uncle_no_need_to_reply said:
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:
Click to expand...
Click to collapse
Are you sure you did distinguish between regular internet traffic and traffic routed into the VPN sinkhole?

Else this would be bad and an annoying Android limitation.

Edit: to be sure, I will add debug logging to see what is being routed into the VPN sinkhole (only in special builds, since decoding TCP/IP packets will use battery power).

Edit: I have added debug logging for connection requests in the sinkhole. Could you please build a version of NetGuard with this enabled and check what happens?
 
Last edited:
  • Like
Reactions: cajun86, datdirtyscrew and DrummerMuppet
pulser_g2

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,537
11,595
uncle_no_need_to_reply said:
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:
Click to expand...
Click to collapse

This is very interesting here - I didn't find this the case. I tested it out by blocking almost everything, and then trying to tether my device. It wasn't possible to do wireless tethering (which is a system function), with NetGuard enabled.

In my "data usage" screen, I don't see any apps listed which aren't whitelisted by me. Out of interest, what device are you using here? I wonder if some OEM is preventing "their" apps from talking over the VPN? If so, that would be a fairly major data leakage, as it would mean a corporate VPN intended to make it safe to use public WiFi, would be getting bypassed on a routine basis.

I did a quick experiment here - Xperia Z2 on 5.1. I unfroze Sony Account Manager (some app that's built into the ROM to let you log into a Sony account). I have it blocked in NetGuard. I then tried to add a Sony account, and it freezes on "Loading". It didn't get anywhere, and I left it for a long time. So it seems to be working here on system apps at least.
 
bagarwa

bagarwa

Senior Member
Feb 18, 2012
1,178
2,745
Bothell
play.google.com
Jeff_i said:
Is it (technically) possible to add "on-demand" feature ?
Maybe something close to how LBE works ... Yes/No/Don't ask again
Suggestion...
Click to expand...
Click to collapse

Is the LBE's firewall actually working for you? I get the prompt to allow / deny WiFi access when I launch the app (say, Chrome for example). But even if I deny, the app is still able to access internet. i.e. the deny isn't working. I tested this right before installing NetGuard.

Nexus 5, Stock 6.0, ElementalX, Rooted.
 
M66B

M66B

Recognized Developer
Aug 1, 2010
25,129
52,634
bagarwa said:
Is the LBE's firewall actually working for you? I get the prompt to allow / deny WiFi access when I launch the app (say, Chrome for example). But even if I deny, the app is still able to access internet. i.e. the deny isn't working. I tested this right before installing NetGuard.

Nexus 5, Stock 6.0, ElementalX, Rooted.
Click to expand...
Click to collapse
Please discuss LBE elsewhere.
 
  • Like
Reactions: datdirtyscrew and bagarwa
You must log in or register to reply here.

Similar threads

I
[APP][6.0+] RethinkDNS: Anti-Censorship + Adblocker + Firewall [open source] [no root]
Replies
80
Views
18K
Nastrahl
Nastrahl
AdLocker
[APP][4.0.3+]Umbrella - No Root Ad Blocker + Firewall
Replies
3
Views
2K
AdLocker
AdLocker
L
[APP] [8.0+] NoRoot Firewall and NetGuard both not preventing data usage of System Ap
Replies
1
Views
1K
L
likesunnydays
L
[APP][2.1+] Root Firewall - an Internet firewall for rooted devices
Replies
1
Views
5K
G
Godyn
U
[APP][4.0.3+] Umbrella - No Root Ad Blocker, Antivirus and Firewall
Replies
9
Views
4K
leechseed
leechseed

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 7
    M66B
    M66B
    Version 2.300 is available on Bitbucket now.

    Download:
    https://bitbucket.org/M66B/netguard-test/downloads/NetGuard-v2.300-release.apk

    There will be no update notification for this preview release.

    Changelog:
    • Improved Android 12 compatibility
    • Removed subscriptions (due to new Play store policies)
    • Updated builds tools and translations
    All changes:

    https://github.com/M66B/NetGuard/compare/2.299...2.300?w=1
    View
    2
    M66B
    M66B
    iwanttoknow said:
    Hi Marcel,

    I understand that NetGuard is no more available on GitHub but on Bitbucket.

    Is this new version 2.300 a stable or beta version ? It's not indicated when trying downloading it.
    Click to expand...
    Click to collapse
    The Bitbucket version is a preview version. It will be made available on GitHub later.
    View
    2
    F
    FFW
    Hi there,

    first of all a big thanks @M66B for Netguard. I almost immediately bought the premium version after I got my new phone and decided to try going root-less and replace AfWall+ with it for a while. And from what I can tell it runs perfectly fine since some months :)

    I really love the integrated ad-blocking feature and let Tasker update my blocklist via service intent. In that way, Netguard both replaces AfWall+ and my VPN to my Pi-Hole at home with only minimal restrictions (not being able to access my Shaarli instance at home for example if I am away), since the Wireguard app sadly does not support Socks5 :rolleyes:.

    I have one question though which I could not find in the app FAQ or in this thread: Is it also possible to append a local hosts file via a second service intent or shell command after the main hosts file has been updated?
    View
    1
    M66B
    M66B
    f465gt said:
    Hi,
    NetGuard does not request access rights for storing data thus I can't grant permission. This is the same for all of my devices and it is working on the others.
    Is there some sort of if-then condition to enable or disable those buttons?
    Click to expand...
    Click to collapse
    Please read the res of the referenced FAQ too and skip the part of the storage permissions.

    The FAQ is for FairEmail, but the problem is similar.
    View
    1
    M66B
    M66B
    ands2 said:
    Any chance for a root-version of NetGuard to get it working without VPN?
    Perhaps as Magisk module or donation-feature?


    Short notice: As I was looking for a firewall app I also found this one.
    It is using your app description. Perhaps just the description or also your codebase with different interface ui.

    Firewall Adblocker - No Root Firewall - Apps on Google Play

    No root firewall to block all ads and Remove...
    play.google.com play.google.com
    Click to expand...
    Click to collapse
    I have no plans for a root version, sorry.

    The referenced app is most likely based on the code of NetGuard, without permissions ...
    View
  • 348
    M66B
    M66B
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    View
    25
    M66B
    M66B
    Reserved
    View
    25
    M66B
    M66B
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    View
    17
    M66B
    M66B
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    View
    17
    M66B
    M66B
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.
    View

New posts