Friday 9 November 2012

Firewalls for Android: AFWall+ succeeds DroidWall


Just about every Android app in the Google Play Store asks for full internet permission, but not all of them need it from a user point of view (if you're the developer of the app you probably have a different opinion). Many apps work perfectly offline, and only want to go online to load ad banners, track your movements, steal your address book, or worse.

The good news is that Android has a couple of firewall apps to keep those apps offline.

The most famous Android firewall is DroidWall. You can blacklist apps to keep 'em offline, or whitelist apps so only they can go online and the rest can't. You can keep your apps away from WiFi, mobile data, or both. It's one of the first apps to install after you root your phone or tablet. Unfortunately DroidWall hasn't been updated in ages, and it probably stays that way.

There are some alternatives for DroidWall. LBE Privacy Guard has a firewall built in, but DroidWall does it better. Antivirus app avast has a firewall built in too, and it gives you even more choice because you can choose to keep apps away from all mobile data networks, or only when roaming. Too bad that avast doesn't log your apps attempts to go online the way DroidWall does.

But now there's a new firewall that combines DroidWall and avast. AFWall+ is meant to continue where DroidWall stopped. It looks a lot like DroidWall, because it's built on the same code. But AFWall adds a few goodies that DroidWall doesn't have.

The best reason to replace DroidWall is that AFWall+ splits mobile data access in roaming and non-roaming, just like avast does. It can notify you when you install new apps, so you don't forget to blacklist or whitelist them. And AFWall+ lets you switch off app icons to speed up loading. This is a major improvement over DroidWall, which can be very slow if it has a lot of icons to fetch and show.

DroidWall used to block the wrong apps after restoring them from a backup because their identification numbers change. AFWall+ is smarter: it keeps track of the package names of your apps instead, so it blocks the right apps after you remove and restore them, like when you install a new ROM.

There are a few minor issues. The menu is pretty bare, because most options sit in a Ice Cream Sandwich/Jelly Bean-like overflow menu on what Google calls the action bar. I'm not a fan of that overflow menu button. It sits on the top right of the screen, which is harder to reach than the menu button on the bottom left. Of course it's different if you're left-handed, and if your shiny new Android device doesn't have an old skool menu button the overflow menu is the only way in.

Another minor thing: you can't clear the log from the log screen itself. You have to leave the log, get back into the overflow menu, and then hit the "clear log" button.

AFWall+ is still young, and updates come frequently. Sometimes they introduce new bugs. For example, one update caused the app to crash when you tried to see the log or the blocking rules. But the developer of the app fixes things quickly: it took just a day to fix the crash bug. I'd still make a backup off AFWall+ before you install any update, just to be on the safe side.

AFWall+ is not in the Google Play Store yet, but that's just a matter of time. For now you can grab a copy from GitHub and read more about it on the xda forums.
Update: it's in the Play Store now.

Keep in mind that running two firewalls is like wearing two condoms. It causes a lot of friction and it doesn't make things any safer. So if you replace DroidWall with AFWall+, make sure to switch off your old firewall.

AFWall+ on xda
AFWall+ (Google Play Store)

more firewalls:

DroidWall
LBE Privacy Guard (permissions manager and firewall)
avast! (antivirus, anti theft, find my phone, firewall)

Before you start thinking that a firewall blocks all unwanted connections, keep in mind that there are a few seconds in between booting Android and your firewall waking up. Any app that launches before your firewall has a few seconds to go online until your firewall gets out of bed. Except AFWall+, which doesn't leak when your phone boots.

Update: AFWall+ fixed the leaky boots. I rebooted my phone a few times to check if anything managed to sneak through, but all apps blocked by AFWall+ were blocked right from the start. The only time I saw data leaking through AFWall+ was when my phone froze and I had to reboot it by pulling the battery. But after a normal shutdown (either by pushing the power button or after an empty battery triggers automatic shutdown) AFWall+ is waterproof.


tweet this reddit digg this StumbleUpon digg this digg this

2 comments:

  1. Thanks for the writeup on AFWall+ I am the author of AFWall.I follow your blog closely. You are doing great job. I'll take your suggestions and will try to fix those minor issues. BTW, the last one "a few seconds to go online", I tried to fix that issue. Did u test that with AFWall+ ?

    ReplyDelete
  2. I'll check the plug that fixes the boot leak. Will update after I'm done testing.

    Q: how does your fix work?

    ReplyDelete