Tuesday 31 May 2011

DroidWall has leaky boots


Update: DroidWall out, AFWall+ in. Unlike DroidWall, AFWall+ doesn't leak on boot.

DroidWall is an Android firewall that usually does its job. But not always.

When you boot your phone, there is a brief period in which blocked apps can go online before DroidWall wakes up and starts blocking them. My network log shows that some apps indeed manage to go online even though I blocked them in DroidWall. This may cause unwanted updates or worse.

My Windows firewall (Comodo) makes sure that no data can go in or out before the firewall itself is up and running. DroidWall should do the same. A firewall should not leak. Never.

Does anyone know a way to force DroidWall to start blocking unwanted traffic when I boot my phone without giving apps a chance to sneak traffic through in the seconds between booting my phone and DroidWall getting out of bed? Of course there is a workaround: rename your access points with an app like ApnDroid before you shut down your phone, but then you have to switch your data connection back on by hand after your phone has finished booting. If your phone crashes you don't get a chance for that before you reboot, in which case the only way to close the data gap is to take your SIM card out and stay out of WiFi range.

Would there be a better method? A method that simply denies apps permission to switch your internet connection on behind your back? Or a way to force Android to start DroidWall before any other apps are allowed to run? Please leave a comment or hit the email link on the bottom of this page.

DroidWall (Google code)
DroidWall (Android Market)

Update: DroidWall out, AFWall+ in. Unlike DroidWall, AFWall+ doesn't leak on boot.


tweet this reddit digg this StumbleUpon digg this digg this

4 comments:

  1. Just wanted to let you know that you are doing a great job with your posts. I like them really much. Keep it up!

    ReplyDelete
  2. boot order might be alphabetically related to the directory name in /data/data

    ReplyDelete
  3. best way is to revoke the net permission of apps, it is inbuilt feature in CM7 or u can download app called permissions.

    ReplyDelete
  4. Problem solved. AFWall+ is an improved version of DroidWall that keeps the gates closed on boot.

    http://androidunderground.blogspot.com/2012/11/firewalls-for-android-afwall-succeeds.html

    ReplyDelete