Related
Dear kernel developer,
do you have a firewall on your destop computer?
I think, the answer is "yes, of course!"
Why don't you wan't a firewall for your phone?
Your answere: "It is linux, we don't need it!"
Sure?
In contrast to the "safe a.p.p.l.e market" we are free to get our application from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email-adresses).
Solution:
There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:
DROIDWALL ( h ttp://code.google.com/p/droidwall/ )
But this superb program need some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')
I found only one working kernel+rom, which is DroidWall compatible: "Six O´Clock A.M." from user 'oclock',
( h ttp://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).
Please, please froyo-kernel-developer: get the right parameters for kernel compilation, so we can use DroidWall.
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
Kind Regards
i knew linux didnt need an antivirus, thought it still needed a firewall...
since ive always had one set up on my linux installs... but then again, im a linux noob.
What about using the phone as a hardware firewall for your laptop when on public wifi?
I'd have no use for it personally but I am sure others might.
You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.
You need a firewall to deny traffic to port's (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.
Please inform us of which ports are open on our Android phones? I mean open for inbound communication of which did not get opened due to software making an outbound connection.
I can do an NMAP to my desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they dont usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...
iptables
Actually Andorid has a Firewall installed, its called iptables.
It's not a personal firewall... but thous are just to get money from PPL without any advanced security... Linux does, by design not have open ports... like windows where you need a program to close what shouldn't be open anyway... And when you Install an APP you see what the APP wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user scaring Personal Firewall
kuhine said:
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
WiHerr
Click to expand...
Click to collapse
OK, a classic firewall is looking only to the used network-ports and allow or disallow the communication: this type of firewall can not make a difference between a good and bad data transmission (for example the firewall built-in in our wifi-routers).
But extented versions of firewalls have a built-in behavior control of applications:
I want to decide, which application is allowed to communicate WITHOUT ANY USERCONTROL over Wifi or a mobile data connection and which one not.
- I want to stop (possible) spyware from sending my private data out
- I want to stop software looking to their developers server an stop working when the developer say "stop, buy the new the new version - the old one is out of order yet"
And in linux there is a system function, which has the information, which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel, to activate these functions
Please look to the Droidwall site and the screenshot of the software.
Regards
safttuete said:
Actually Andorid has a Firewall installed, its called iptables.
Click to expand...
Click to collapse
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.
uTauro said:
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
Click to expand...
Click to collapse
It's impossible for now. Android convention is to give all required permissions to an app or don't install it at all, so apps aren't designed to support lack of permissions. Most of them will probably FC, even if you will block out some minor feature.
Hello all,
today I saw the message, that a wallpaper app sent private information to their server in china:
h t t p ://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/
In the meantime I choose this rom with "DROIDWALL" firewall support:
[ROM-FroYo AOSP] OpenDesire v2.3a
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
kuhine said:
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
WiHerr
Click to expand...
Click to collapse
Checked ANDFIRE out. Seems to work fine on my DeFrost 2.2c release. Will check it out further. Interface looks very similar to DroidWall and that also seems to work fine on my device.
Will have to investigate further, but it's a good idea to get it working.
suffer not adware to live
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms.
Click to expand...
Click to collapse
If the kernel features you need are not an option consider a less horrible option:
LBE privacy guard
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
WiHerr
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
Click to expand...
Click to collapse
May be you should have a look for LBE privacy....
Hello,
what Secure manager software you are using.
i'm trying to find good software.
i tryed f-secure ant-theft needed to reflash phone.
then Es Secure Manaager, didn't work.
so any suggestion?
WaveSecure and Lookout are two of the best security apps that I've tried.
I realy dont see the point to install any Secure manager software, if the phone get stolen and you send the lock command and the thief cant "use" it, but if the thief reinstall the rom WOLLA it works.
WaveSecure take US $ 19.90 for 1 Year and call it secure? LOL
putkte:
You culd have one bult in i9000
www.samsungdive.com its free
ShezUK said:
WaveSecure and Lookout are two of the best security apps that I've tried.
Click to expand...
Click to collapse
I'm interested too.
I'm not afraid that someons install a new ROM. I'm afraid that the thief willhave acess to personal infmation like contact list, address. He will even have access to GPS information so he will know where I live.
Here in Brazil you can send the IMEI code to the carrier (with a police report) and they will preent the phone from working on any carrier here.
Hello,
I know that if thief is nerd he can get mine phone back by reflashing. From those lock command.
The he can get mine account information from sdcard. So that is what i dont want to happen. If he can get mine google account then he can get mine credit card info. And he get access mine personal stuff like contacts, email-accounts and facebook.
So thats why i want to get Security Software. Im not concorning if some one gets mine phone. I can get newone from store, but that personal information needs to be protected.
And i tried that Wave and it didnt get connection to wave server on 3g or in wifi.
I havent tried that samsungs software.
Sent from my GT-I9000 using XDA App
I am ok with paid/donate apps using it to ID your device, but a lot of the free apps share it so that they can track your usage and or with advertisers to push targeted ads to you. With location enabled, they can track where you are visiting, etc.. I feel they are allowed too much personal information.
Anyone know of a way to not allow access to this, other than disabling mobile networking?
Personally I would prefer to be anonymous, don't mind using something for free and having to see ads, that's fair..
-CC
I recently came under attack, and have determined that a hack tool used the IMEI and atiagent to gain information, that allowed them to connect remotely. persistently.
I was wondering how do i hide this info, or obtain a new valid number?
If i subscribe to a new service provider, will this help?
CM7 has a feature that allows you to revoke permissions. I haven't tried it, but it might do what you're after. I haven't tried it myself. Some apps may just crash though when it tries to get the IMEI. Since an app dev wouldn't expect a permission it was granted on install to be revoked, they may not have any exception handling around that.
Bottom line...if you don't trust an app with a permission it's asking for, I would generally just not install it and move on.
LBE Privacy guard, it's in the market
Best mobile security for android phone
Description
Full-featured Antivirus and Anti-Theft security for your Androidphone.Protect personal data with automatic virus scans and infected-URL alerts. Stop hackers by adding a firewall (rooted phones). Control anti-theft features with remote SMS commands for: history wipe, phonelock, siren activation, GPS tracking, audio monitoring, and many other useful tools. Your ‘invisible’ app hides itself, making it extremely hard for thieves to find and disable.A standalone yet tightly integrated component of avast! Mobile Security, avast! Anti-Theft is the slyest component on the market. Formerly known as Theft Aware, theAnti-Theft portion of avast! Mobile Security has been recommended byleading industry experts that include T-Mobile, N-TV, AndroidPIT,and Android Police
.avast! Mobilesecurity
Antivirus
Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution. Options for scheduling scans, virus definition updates, uninstalling apps, deleting files, or reporting a false-positive to our virus lab.
Privacy Report
Scans and displays (grid) access rights and intents of installed apps, identifying potential privacy risks, so you know how much info you arereally providing to each app.
SMS/Call Filtering
Filter calls and/or messages from contact list using set parameters based on day(s) of the week, start time, and end time. Blocked calls redirect to voicemail, while blocked messages are stored via filter log. Also possible to block outgoing calls.
App Manager
Similar to Windows Task Manager, it shows a list of running apps and their size (MB), CPU load, used memory, and number of threads and services – with an option to stop or uninstall.
Web Shield
Part of the avast! WebRep cloud, theavast! Web Shield for Android scanseach URL that loads and warns you if the browser loads a malware-infected URL
.Firewall
Add a firewall to stophackers. Disable an app’s internet access when on WiFi and 3G and roaming mobile networks. (Works only on rooted phones.).
avast! Anti-Theft
App Disguiser
After downloading avast! Anti-Theft,user can choose a custom name that disguises the app (e.g. call it “Pinocchio game”) so that it is even harder for thieves to find and remove.
Stealth Mode
Once anti-theft is enabled, the app icon is hidden in the app tray, leaving no audio or other trace on the target phone – the app is ‘invisible’, making it difficult for thieves to detect or remove.
Self-Protection
Extremely difficult for thieves to remove (especially on rooted phones), Anti-Theft protects itself from uninstall by disguising its components with various self-preservation techniques. On rooted phones it is able to survive hard-resets and can even disable the phone’s USB port.
Battery Save
Anti-Theft only launches itself and runs when it needs to perform tasks. This preserves battery life and makes it very difficult for thieves to shut it down.
SIM-Card change Notification
If stolen and a different (unauthorized) SIM card inserted, the phone can lock, activate siren, and send you notification (to remote device) of the phone’s new number and geo-location.
Trusted SIM Cards List
Establish a ‘white list’ of approved SIM cards that can be used in the phone without triggering a theft alert. You can also easily clear the trusted SIM cards list, to leave the one present in the phone as the only trusted one.
Remote Settings Change
A setup wizard guides the user through the installation process on rooted phones. No command-line knowledge is necessary to install Anti-Theft rooted. Also supports upgrading
.Remote Features
SMS commands provide you the following REMOTE options for your ‘lost’ (or stolen) phone:Siren, Lock, custom Display properties, Locate, Memory Wipe, covert Calling, Forwarding, “Lost” Notification, SMS Sending, History, Restart, and more.
https://market.android.com/details?id=com.avast.android.mobilesecurity
best? never ever. read tests and reviews on the internet. most free antivir software for android is useless because the recognition rate is very poor. 1-3 out of 120 threads were found with the best free anti virus app. I would use a paid version like kaspersky
theq86 said:
best? never ever. read tests and reviews on the internet. most free antivir software for android is useless because the recognition rate is very poor. 1-3 out of 120 threads were found with the best free anti virus app. I would use a paid version like kaspersky
Click to expand...
Click to collapse
Poor? Really?
It's the only full mobile security suite that offers working root features. There is a STEALTH option for the app to survive a hard reset, disable usb debugging, siren, GPS, message, forwarding, control and lock the phone all using the anti-theft remote feature.
advanced firewall, virus scanner, web guard, privacy advisor, app management..
It's lightweight on the memory and it looks appealing. What's poor about it?
what's poor? as I said, the recognition rate of viruses and malware. I just read it and saw a documentation in tv. although avast might be not that bad. I use avast for my pc, too and I like it
I've been using Avast on all of my desktops and laptops that i've used for the last 8 years and it never let me down..
I installed it on my phone as well a couple of months back..and it's never let me down too..till me phone wasn't rooted, the firewall option was disabled, but now even that's open..tried it out and i can definitely say its in par with its desktop counter part and way ahead of its paid android competitors..
This is boss.
Sent from my HTC Wildfire S using xda premium
I tried it, and it is the best thing since sliced bread. It does not make my phone lag at all, anti theft works wonderfully, and the detection rate is (apparently did not try it myself ) also very high. If you are like me and you download many APK's from the net, it could just save your phone, or your bank account xD.
koeniekoenie said:
I tried it, and it is the best thing since sliced bread. It does not make my phone lag at all, anti theft works wonderfully, and the detection rate is (apparently did not try it myself ) also very high. If you are like me and you download many APK's from the net, it could just save your phone, or your bank account xD.
Click to expand...
Click to collapse
What he said.
SomeDudeOnTheNet said:
What he said.
Click to expand...
Click to collapse
It is a shame that I cannot find the source anymore, but the detection rate was somewhere in the 90%.
I'm sure Avast will have a great detection rate, the problem come in the time between the malware being release and it being detected by the AV software. All companies/products will be affected by this and in that window your phone/computer/whatever can be harmed. Having said that I place my trust in a company with a very good track record of creating AV software and the anti-theft features make it a no-brainer for me. Avast Rocks.
best protection is making nandroid backups every 7 days or so ... and if something goes to hell, just revert, and adio ...
though i have never seen a virus for android, and i hope won't in close future ...
this is a good apps, but unfortunately i need to uninstall it since its blocking connections of viber..
I use avast for my pc!
After purchasing several Optus X Smart 4G smartphones outright that are currently being sold in Australian stores I felt the need to make others aware.
Despite being branded as an Optus mobile phone it is actually an Alcatel mobile phone that comes shipped with some nasty packages, one being "Files" that after several days of enjoying your new purchase is upgraded to "File Manager" an application which now runs a boost application (Hawk Super Cleaner/ antivirus).
This boost application runs 24/7 and nags the user to click an icon then displays advertising. When you remove this application it defaults back to the factory installed version that does not contain "File Manager" stuffed with the boost aplication.
Being installed as an Android System App "File Manager" stuffed with Hawk Super Cleaner/ antivirus is granted with higher Android Operating System App permissions than the end user has limited controll over which brings privacy and security concerns to the device IMHO.
To stop automatic updates that will reinstall the boost aplication a user needs to log onto the Google Playstore and go into settings, then check do not automatically update applications to stop ALL playstore automatic app upgrades. Doing this in the phones bundled "Updates" aplication has no affect in stopping the automatic reinstall. Caveat being that Playstore app upgrades now ALL need manually input from the user who needs to remain mindfully to not update "File Manager".
The other option is to run "File Manager", go into settings and turn off the on screen alerts, this will allow "File Manager" stuffed with Hawk Super Cleaner/ antivirus to run 24/7 on the device and be granted with the many permissions you (like myself) may not want to (and never did) accept upon uograde / install,. However, the on screen displays will be gone from the phone.
Don't bother trying to stop it on the Android operating system level via options like disable app, do not allow peeking and rely on uninstall to the factory shipped version of the app as Android and Included bloatware settings do not act as expected and it will automatically install itself again, also displaying on screen despite the end users wishes and Android settings being checked.
Never being advertised that the phone would have on screen advertising to the end user or forced third party apps as part of the Android operating system I have made a complaint to Optus, the communications ombudsman, the "File Manager" developer, Playstore, Play Protect, XDA forum and anywhere else that I felt relevant.
My unconfirmed fear is that this device may allow the manufacturer to controll bloatware updates in the future via a command and control server rather than exclusively at the Playstore, hopefully this is an unjustified fear and one day the Playstore can clamp down on this type of unwanted and non authorised Android System App behaviour and put security fears to rest.
Currently awaiting an outcome
UPDATE: The Telecommunications Industry Ombudsman has forwarded my complaint to Optus for a resolve.
My argument was that Optus sold a product and forcefully allowed a third party aplication (Hawk Super Cleaner/ antivirus) to be side loaded and included as an Android system App, which in my opinion is outside the scope of Optus being simply a supply conduit to internet services as Optus now dictates what third party app the customer of this product must use 24/7 and without a reasonable opt out.
I have also suggested that Play Protect offer the end user the option to force a single Android System App from updating and add a detection flag for Android System Apps that stuff a third party aplication and byspass the new app install agreement methods used by the Playstore, AI is needed to detect mass user bases being unfairly exploited for the means of profit at the flick of a switch.
Hopefully the 4 devices purchased are given an easy Android System App uninstall option for bloatware that advetises on this phone by default, or get side loaded onto the phone without end user authorisation and after the purchase of the product has been made.
Otherwise replacement phones of similar specs that have Android as expected and advertised on the product box, and without forced Android System App advertising will be preferred for complaint resolution.
Now awaiting complaint communications from Optus.
Hi have you tried 'rooting' the phone to control the system better and remove that type of application? I have heard it may be the only way to stop such apps when standard obvious methods fail. (You will have to Google that as I know nothing more than what I have read). I would be pleased to know how you go with that as I have thought about doing it with my own phone but I haven't had as much of a problem as you are experiencing. ([email protected])
Put a custom recovery on it if there isnt one available im more than happy to build one for it if you would like and then flash magisk root
Install es file explorer, grant system root permissions and remove the file manager completely by deleting it then replace with another stock one in which you know has nothing being forced on you,
I was in the same boat have the optus x spirit next up from smart and the amount of 3rd party applications is to be quite honest shocking in my opinion i developed a TWRP for the X spirit and did exactly what i mentioned above no problems now
Rom for 5056i
Hello just wondering if possible to build a twrp or some rom to root this mobile of mine. Thanking you chaschas