• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 447 30.8%
  • Saving battery

    Votes: 311 21.4%
  • Increasing privacy

    Votes: 795 54.8%
  • Blocking ads

    Votes: 936 64.5%

  • Total voters
    1,452
Search This thread

Primokorn

Senior Member
Nov 17, 2012
11,464
7,709
Primokorn can you please try if you have the same problem with one of the no root firewalls from the Play store?
You are right. Same FC with NoRoot firewall app (VpnDialogs). I'm using Temasek rom which is pretty far from stock. I'll try again with another custom rom.

Sent using XDA One
 
  • Like
Reactions: TziMmysGr

Primokorn

Senior Member
Nov 17, 2012
11,464
7,709
Thanks for reporting back.

I will try if I can detect/catch this error. Are you willing to test this? I can work on this later this week.
No issue on Exodus rom. Do you know why NetGuard doesn't show up in the list of AFWall? Actually I have no control over NetGuard.
I'll keep Temasek rom for a while so you can count on me for your tests.
 
Oct 29, 2015
2
1
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:
 

M66B

Recognized Developer
Aug 1, 2010
25,129
52,634
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:
Are you sure you did distinguish between regular internet traffic and traffic routed into the VPN sinkhole?

Else this would be bad and an annoying Android limitation.

Edit: to be sure, I will add debug logging to see what is being routed into the VPN sinkhole (only in special builds, since decoding TCP/IP packets will use battery power).

Edit: I have added debug logging for connection requests in the sinkhole. Could you please build a version of NetGuard with this enabled and check what happens?
 
Last edited:

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,537
11,595
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:

This is very interesting here - I didn't find this the case. I tested it out by blocking almost everything, and then trying to tether my device. It wasn't possible to do wireless tethering (which is a system function), with NetGuard enabled.

In my "data usage" screen, I don't see any apps listed which aren't whitelisted by me. Out of interest, what device are you using here? I wonder if some OEM is preventing "their" apps from talking over the VPN? If so, that would be a fairly major data leakage, as it would mean a corporate VPN intended to make it safe to use public WiFi, would be getting bypassed on a routine basis.

I did a quick experiment here - Xperia Z2 on 5.1. I unfroze Sony Account Manager (some app that's built into the ROM to let you log into a Sony account). I have it blocked in NetGuard. I then tried to add a Sony account, and it freezes on "Loading". It didn't get anywhere, and I left it for a long time. So it seems to be working here on system apps at least.
 

bagarwa

Senior Member
Feb 18, 2012
1,178
2,745
Bothell
play.google.com
Is it (technically) possible to add "on-demand" feature ?
Maybe something close to how LBE works ... Yes/No/Don't ask again
Suggestion...

Is the LBE's firewall actually working for you? I get the prompt to allow / deny WiFi access when I launch the app (say, Chrome for example). But even if I deny, the app is still able to access internet. i.e. the deny isn't working. I tested this right before installing NetGuard.

Nexus 5, Stock 6.0, ElementalX, Rooted.
 

M66B

Recognized Developer
Aug 1, 2010
25,129
52,634
Is the LBE's firewall actually working for you? I get the prompt to allow / deny WiFi access when I launch the app (say, Chrome for example). But even if I deny, the app is still able to access internet. i.e. the deny isn't working. I tested this right before installing NetGuard.

Nexus 5, Stock 6.0, ElementalX, Rooted.
Please discuss LBE elsewhere.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    Version 2.300 is available on Bitbucket now.

    Download:
    https://bitbucket.org/M66B/netguard-test/downloads/NetGuard-v2.300-release.apk

    There will be no update notification for this preview release.

    Changelog:
    • Improved Android 12 compatibility
    • Removed subscriptions (due to new Play store policies)
    • Updated builds tools and translations
    All changes:

    https://github.com/M66B/NetGuard/compare/2.299...2.300?w=1
    2
    Hi Marcel,

    I understand that NetGuard is no more available on GitHub but on Bitbucket.

    Is this new version 2.300 a stable or beta version ? It's not indicated when trying downloading it.
    The Bitbucket version is a preview version. It will be made available on GitHub later.
    2
    Hi there,

    first of all a big thanks @M66B for Netguard. I almost immediately bought the premium version after I got my new phone and decided to try going root-less and replace AfWall+ with it for a while. And from what I can tell it runs perfectly fine since some months :)

    I really love the integrated ad-blocking feature and let Tasker update my blocklist via service intent. In that way, Netguard both replaces AfWall+ and my VPN to my Pi-Hole at home with only minimal restrictions (not being able to access my Shaarli instance at home for example if I am away), since the Wireguard app sadly does not support Socks5 :rolleyes:.

    I have one question though which I could not find in the app FAQ or in this thread: Is it also possible to append a local hosts file via a second service intent or shell command after the main hosts file has been updated?
    1
    Hi,
    NetGuard does not request access rights for storing data thus I can't grant permission. This is the same for all of my devices and it is working on the others.
    Is there some sort of if-then condition to enable or disable those buttons?
    Please read the res of the referenced FAQ too and skip the part of the storage permissions.

    The FAQ is for FairEmail, but the problem is similar.
    1
    Any chance for a root-version of NetGuard to get it working without VPN?
    Perhaps as Magisk module or donation-feature?


    Short notice: As I was looking for a firewall app I also found this one.
    It is using your app description. Perhaps just the description or also your codebase with different interface ui.
    I have no plans for a root version, sorry.

    The referenced app is most likely based on the code of NetGuard, without permissions ...
  • 348
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    25
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    17
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.