[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 406 31.1%

  • Saving battery

    Votes: 281 21.5%

  • Increasing privacy

    Votes: 686 52.5%

  • Blocking ads

    Votes: 852 65.2%
  • Total voters
    1,307
Primokorn

Primokorn

Recognized Contributor / Themer
Nov 17, 2012
11,409
7,668
253
Oct 27, 2015 at 7:36 PM
M66B said:
Primokorn can you please try if you have the same problem with one of the no root firewalls from the Play store?
Click to expand...
You are right. Same FC with NoRoot firewall app (VpnDialogs). I'm using Temasek rom which is pretty far from stock. I'll try again with another custom rom.

Sent using XDA One
 
  • Like
Reactions: TziMmysGr
Primokorn

Primokorn

Recognized Contributor / Themer
Nov 17, 2012
11,409
7,668
253
Oct 28, 2015 at 7:48 AM
M66B said:
Thanks for reporting back.

I will try if I can detect/catch this error. Are you willing to test this? I can work on this later this week.
Click to expand...
No issue on Exodus rom. Do you know why NetGuard doesn't show up in the list of AFWall? Actually I have no control over NetGuard.
I'll keep Temasek rom for a while so you can count on me for your tests.
 
U

uncle_no_need_to_reply

New member
Oct 29, 2015
2
1
0
Oct 29, 2015 at 5:21 PM
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:
 
M66B

M66B

Recognized Developer
Aug 1, 2010
23,166
47,435
263
Oct 29, 2015 at 5:28 PM
uncle_no_need_to_reply said:
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:
Click to expand...
Are you sure you did distinguish between regular internet traffic and traffic routed into the VPN sinkhole?

Else this would be bad and an annoying Android limitation.

Edit: to be sure, I will add debug logging to see what is being routed into the VPN sinkhole (only in special builds, since decoding TCP/IP packets will use battery power).

Edit: I have added debug logging for connection requests in the sinkhole. Could you please build a version of NetGuard with this enabled and check what happens?
 
Last edited:
  • Like
Reactions: cajun86, datdirtyscrew and DrummerMuppet
pulser_g2

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,538
11,594
113
Oct 29, 2015 at 7:34 PM
uncle_no_need_to_reply said:
I have tried this app on a phone I'm currently working on, and since that phone is rooted I checked with Network Log whether internet access was really blocked or not for the selected apps.
Well, I'm affraid that the app doesn't work, it can't prevent system apps from connecting to the internet.
The android system, the settings, the settings storage, the bluetooth, the finger print, the finger print app lock, fused location, key chain, the thermal manager, the sensor calibration and a few others (about a dozen in total), can all freely send and receive data.
On a fully stock rom there would be many more, if there are only a dozen or so on mine it's because I've already toroughly skinned the rom and uninstalled lots of system apps.
The thing is that those system apps can't be uninstalled or modified on a non rooted phone, unlike third part installed apps that only require a bit of reverse engineering to have their internet permission removed and can be reinstalled once modified, and I'm sorry to say so but that makes net guard of not very much use, if any at all since it prevents the user to use the VPN.
Nice endeavour anyway, 2 thumbs up to the great devs m66b and pluser_k2...:silly:
Click to expand...
This is very interesting here - I didn't find this the case. I tested it out by blocking almost everything, and then trying to tether my device. It wasn't possible to do wireless tethering (which is a system function), with NetGuard enabled.

In my "data usage" screen, I don't see any apps listed which aren't whitelisted by me. Out of interest, what device are you using here? I wonder if some OEM is preventing "their" apps from talking over the VPN? If so, that would be a fairly major data leakage, as it would mean a corporate VPN intended to make it safe to use public WiFi, would be getting bypassed on a routine basis.

I did a quick experiment here - Xperia Z2 on 5.1. I unfroze Sony Account Manager (some app that's built into the ROM to let you log into a Sony account). I have it blocked in NetGuard. I then tried to add a Sony account, and it freezes on "Loading". It didn't get anywhere, and I left it for a long time. So it seems to be working here on system apps at least.
 
bagarwa

bagarwa

Senior Member
Feb 18, 2012
1,178
2,744
0
Bothell
play.google.com
Oct 29, 2015 at 7:46 PM
Jeff_i said:
Is it (technically) possible to add "on-demand" feature ?
Maybe something close to how LBE works ... Yes/No/Don't ask again
Suggestion...
Click to expand...
Is the LBE's firewall actually working for you? I get the prompt to allow / deny WiFi access when I launch the app (say, Chrome for example). But even if I deny, the app is still able to access internet. i.e. the deny isn't working. I tested this right before installing NetGuard.

Nexus 5, Stock 6.0, ElementalX, Rooted.
 
M66B

M66B

Recognized Developer
Aug 1, 2010
23,166
47,435
263
Oct 29, 2015 at 8:41 PM
bagarwa said:
Is the LBE's firewall actually working for you? I get the prompt to allow / deny WiFi access when I launch the app (say, Chrome for example). But even if I deny, the app is still able to access internet. i.e. the deny isn't working. I tested this right before installing NetGuard.

Nexus 5, Stock 6.0, ElementalX, Rooted.
Click to expand...
Please discuss LBE elsewhere.
 
  • Like
Reactions: datdirtyscrew and bagarwa
You must log in or register to reply here.

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone