By user275517

2019-01-22 04:43:13 8 Comments

A few non-rooted (no rooted) Android 7 and 8 phones from (Huawei, ZTE, Neffos and Samsung) were tested in this simple firewall (NetGuard) experiment. A selection of apps (including apps from the phone manufacturer) was chosen to be blocked from accessing the Internet regardless using Mobile Data or WiFi, by using NetGuard.

Before the experiment, NetGuard and GlassWire for Android were installed. The GlassWire is activated to monitor if these apps still can access to the Internet. Throughout the experiment, GlassWire reported that some apps, that were blocked by NetGuard, had network traffic to the Internet.

Therefore, it seems that users who buy any Android phones are denied full control of the phone, even if they have installed privacy protection apps such as NetGuard. So, to make the experiment fair enough, this question is posted here, requesting help from experts out there, on whether what is the actual problem(s).

Is the problem caused because GlassWire reports false positives? Or NetGuard requires special configurations in order to block Internet for selected apps? Or Android phones disregard users and allow apps to access Internet even though NetGuard was installed?


@Irfan Latif 2019-07-17 12:52:06

Is the problem caused because GlassWire reports false positives?

You are correct. This question appears to me related to understanding of OSI Model. NetGuard is based on VPN which makes use of TUN interface at OSI layer 3, while GlassWire collects data from NetworkStatsManagr which is something within Android's Java runtime e.g. the creation of sockets happens at top layers; Application or Transport. And the UID based data usage is collected from qtaguid module of iptables which also operates at OSI layers above 3.

Making use of Per-app VPN configuration, NetGuard asks the OS to only send traffic from app XYZ through TUN interface so that it can be forwarded through a VPN connection (which it never does). When we see apps from top, it looks like the apps are sending network data which is moving out of the device, but in actual it's blocked at layer 3. So IP packets even don't hit the physical layer.

This fact is self explained by GlassWire app. It has a builtin firewall which is also based on VPN; no other possible way for non-root apps. When turning on this firewall, it warns that user will still get data usage stats for blocked app. The reason is as stated above, data is measured on upper OSI layers, blocking occurs at lower level:

That's why sniffers work at OSI layer 2, or even better is to watch from outside e.g. using a proxy server or at router.

Therefore, it seems that users who buy any Android phones are denied full control of the phone, even if they have installed privacy protection apps such as NetGuard.

Well, NetGuard and similar apps have become somewhat privacy protections apps just as a side effect of Android's VPNService API which wasn't intended for this usage. Such apps can do app filtering based on UIDs and/or SOcket_MARKs which Android uses to categorize the network traffic for different purposes. If they wanted to give users freedom of choosing which apps can access internet and which can't, they could simply set Protection Level of android.permission.INTERNET dangerous, which doesn't favor their business model; consider the fact that Google is biggest search engine and ads are their prime source of revenue.

Advanced users who want a more fine-grained control on privacy, usually root their devices and make use of lower level things like Linux kernel's builtin firewall iptables. Also some custom ROM have such features built-in.


Related Questions

Sponsored Content

2 Answered Questions

1 Answered Questions

[SOLVED] Apps whitelisted in AFWall+ without my knowledge

2 Answered Questions

[SOLVED] How to Audit Android Apps (for screenshot activity)

14 Answered Questions

[SOLVED] Block apps from accessing the Internet on Android device

  • 2013-03-06 05:31:51
  • AndroidDev
  • 416559 View
  • 58 Score
  • 14 Answer
  • Tags:   internet

3 Answered Questions

[SOLVED] Anyway to split apps sharing an UID?

  • 2017-08-22 10:48:43
  • Stopi
  • 824 View
  • 4 Score
  • 3 Answer
  • Tags:   settings firewall

2 Answered Questions

[SOLVED] Can I block specific apps from using GPS?

  • 2012-02-29 11:10:28
  • Questioner
  • 14834 View
  • 11 Score
  • 2 Answer
  • Tags:   gps privacy

1 Answered Questions

1 Answered Questions

[SOLVED] Malicious Android Apps installed remotely on my device

  • 2015-09-29 13:14:43
  • avadoo
  • 4040 View
  • 0 Score
  • 1 Answer
  • Tags:   privacy

2 Answered Questions

[SOLVED] Block Connection to Specific BSSID's?

  • 2014-02-26 19:00:32
  • threehappypenguins
  • 1764 View
  • 6 Score
  • 2 Answer
  • Tags:   firewall

Sponsored Content