Grey Shirts NoRoot Firewall for ANDROID

Discussion in 'other firewalls' started by FOXP2, Oct 25, 2013.

  1. 142395

    142395 Guest

    Some notes for FP:

    If you combine FP with FW, most traffic go through FP so it can somewhat decrease effectiveness of FW though you can limit FP by FW to some extent.
    However of course, it's worth doing.

    FP comes with some default rule sets but it's optimized to Japanese website so maybe most of them are useless for you.

    As noted in Playstore, if FP is killed by Android you'll get into trouble.
    Keep icon in tasktray, but if you don't want to see it you can safely hide it just as J_L did to LostNet.
    However, even while FP is active, sometimes it causes trouble. First thing you can try is set FP status to BYPASS. Just tap green ACTIVE button in main screen.
    Note BYPASS only apply to blocklist filtering, so redirect control and/or header modification are still active.
    And some app just don't like any proxy thus cause problem.
    I reccomend setting 2 access points up, like MyAP & MyAP2, with basically same settings except proxy one, thus you can quickly switch proxy on/off.

    FP applies blocklist (or any other list) from upper side to lower until it finds match (or finds no match).
    So performance wise, after you made your own block rules, browse website and use apps just as you always do, then hit counter in filter tab―Oh, dear, do your FP interface is optimized for English? Sorry I don't know but maybe not? It's sorry if Neutral Tao didn't made English version.
    Anyway, you can see hit count just next to each rule, e.g.
    [2] .google-analytics.com/ means FP cut 2 connection to that domain.
    Then tap Android's setting button, then there're two options: Deny response & Sort.
    tap Sort, and there're 4 options: matched number(ascending order) , matched number(descending) ,alphabetical (ascending) and alphabet(descending).
    Tap matched number (ascending) so that the most hit domain comes top.
    Then near the bottom, there should be not much used domain rule. if after days or weeks you found those rules rarely used you can simply tap the domain to disable it. Or if you want to delete it, just long tap it.
    Note reboot your phone will reset those counter.

    FP also let you to set redirect rule which helps e.g. remove annoying redirect some website use, or some redirect tracking (FP can't modify https connection so you can't remove redirect from Google's SSL search though FP can block https connection).

    It's let you modify http header too, so e.g. you can remove Etag and/or referer, and/or modify UA and/or Accept-Encoding.
    And you can set scope for each rule e.g. only for certain domain (www1.example.com), domain with wildcard (www?.*.com), or apply always.
     
  2. FOXP2

    FOXP2 Guest

    Do you think you folks might peel off a separate thread for filter proxy? Not that I'm an "off topic" cop (but it is off topic) as well another discussion with the title "Neutral Tao FilterProxy for Android" might motivate the admins here to create a separate forum for Android. In fact, please do so and paste in links to the relevant discussions already here.

    My requests for an Android security-centric forum here have been ignored and a few users informed me, based on history, I might as well pound sand. However, the one user who thought my three Lavasoft Ad-Aware version announcement threads and one Lavasoft Companion product thread were "too many" (Gasp!) got them all merged into one, practically overnight. :confused:

    Cheers.
     
  3. FOXP2

    FOXP2 Guest

    Fun, isn't it?! :D

    BTW, I've been wanting to ask which DNS servers you've seen some success with in ad blocking in Fool DNS? I might give that a try and open a new "...for Android" thread with my results. Or, ahem, cough, you could do that.

    Thanks.
     
  4. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    I second the motion for a separate android forum. Sometimes the android posts get lost a few pages back and I cant remember which sub forum the android thread I'm looking for is in. I would think It would gain more traction than the "other anti-trojan forum" has atm.

    Although my Nexus is now rooted also this thread has prompted me to revisit GS NoRoot Firewall.

    BTW, also had disconnect problems in the past with LostNet. Thanks to Yuki for alerting to the tracking concerns.
     
  5. 142395

    142395 Guest

    Third here.
    Also no need to exclude iOS.
    Yes, there're few threat in iOS unless jailbreaked, but if people have interest in NRFW or FP, then probably those who have iOS will have interest in Weblock and Adblock (iOS app) too.

    And though it is already suggested in somewhere, I believe current other anti-virus, other anti-trojan and other anti-malware subforum should be reconstracted as their name doesn't represents contents and other anti-trojan subforum is almost dead.

    My thought is:
    Marge other anti-trojan into other anti-malware and rename it as "complementary anti-malware".
    Rename other anti-virus as "Full-fledged anti-malware"
    Make "Android and iOS security software" subforum.

    I explicitly said Android and iOS because if it includes windows for tablet, there'll be no clear boundary btwn other subforum because it can be used in usual desktop environment.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    No love for BlackBerry? Just kidding (sort of). But if I had an iOS phone and couldn't jailbreak it, what are my options for blocking ads or firewalling apps in 3G/LTE? Sorry since this is off-topic, but I'm not sure if I should create a new thread for a simple Q&A. Not interested in pursuing it further being a mostly Android guy.

    *Actually we can discuss it further here: https://www.wilderssecurity.com/threads/adblocking-and-firewall-for-ios.369734/
     
    Last edited: Oct 29, 2014
  7. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    Yes, but nothing worth doing comes easily. :) Sure, I seen no reason to crowd a single thread. If there are any articles that you specifically would like included, please message me. I'll do my best to gather any other relevant posts before publishing. FoolDNS is still my default at the moment, seems to block ads fairly well. Like I said earlier, it's hit and miss on iOS. One of the airplane games that my sister likes has a static area dedicated for ads. You can block them, but you can't utilize the freed up screen space. But breaking these up would probably help organize this conversation. At the moment, I'm not sure there is a enough for a dedicated subforum. But a dedicated mobile security and privacy sub-forum would get my vote.
     
  8. FOXP2

    FOXP2 Guest

    @Techwiz
    No, I'm serious. Creating a rule set to bend an Android app's connectivity to my will is... fun. As well, doing the detective work on that connectivity is a security education in itself.

    I didn't mean you were crowding the thread, well, not too much ;) but your and Yuli2718's discussion is excellent and would advance greater benefit to the forum if posted up under its own title, like "Neutral Tao FilterProxy for Android."

    A static screen space is a whole lot more desirable than the crap that runs in them, especially for those that don't offer an ad-free paid version. Of course, for apps of merit and utility (and fun), payment is the best ad blocker.

    I thought FoolDNS was an app, not the servers themselves. I'll give 'em a shot.

    Cheers.
     
    Last edited by a moderator: Oct 29, 2014
  9. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    For some people, its a chore, but I think its an adventure into new territory. I've setup the DNS addresses directly under the WiFi settings. Blocking advertisements, so I don't see why an application would be necessary except for management (toggling on and off) perhaps? This is all I need, since I don't have a cellular or wireless data plan. I'm prepaid entirely, but I'm fortunate enough to live and work around plenty of public and private WiFi networks that I can access freely. I'm also good friends with the network admins for those private networks and we are pretty tight, so blocking advertisements at the hardware level is a possibility for aggressive advertising/tracking that I can't manage myself.
     
  10. 142395

    142395 Guest

    Hahaha...:D
    I just though there will be no discussion for BlackBerry security.
    I suppose it is the most secure mobile OS, and honestly don't know whether it have ad blocking apps.
    Thanks for new thread:thumb:
     
  11. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    FYI, the Adguard for Chrome thread has morphed into Adguard for Chrome, Android, and IOS. Adguard uses the VPN connection as does GS. Not sure I like the permissions it requires. Somehow it's on Google Play even though it blocks ads.
     
  12. FOXP2

    FOXP2 Guest

    Beta.
    Filters only browser traffic with no mention of which browsers.
    Additional premium features for a small monthly fee; in-app $1.22 - $2.49 per "item."
    Uses VPN or local proxy.
     
  13. 142395

    142395 Guest

    The reason is explained by FOXP2: it only blocks ads in web browser that doesn't violate Google's policy.
    While both of their methods originally can monitor all traffic, probably they only apply filtering to TCP80 (and possibly 443) traffic.
    Maybe no use for us...
     
  14. 142395

    142395 Guest

    No one is testing new NRFW beta?
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Migrated to AFWall+, root ftw. Also noticed that NoRoot firewall seems to block LAN connection.
     
  16. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Giving it a go on kitkat 4.4.4
    Will see how it goes after a day or two.
     
  17. 142395

    142395 Guest

    I haven't tried yet.
    So far some leaks on log in certain situation is reported from other user (i.e. there seems to be some case where NRFW beta doesn't log correctly).
     
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    and NRFW Beta is uninstalled.
    Started running very high CPU and freezing my phone.
     
  19. SkFreemn

    SkFreemn Registered Member

    Joined:
    Jan 4, 2015
    Posts:
    1
    Great thread, tx!
    Temporarily I have not internet on my phone, but also I don't want to use Google Play in it.
    I will try this FW, but can't find it outside the Gogle play.
    I found some ways to download APK files on PC by APK Downloader:
    1) http://apps.evozi.com/apk-downloader/
    2) http://apkleecher.com
    Is that ways save? You can check MD5 File Hash, but.. in this case they are different.
     
  20. werty12345

    werty12345 Registered Member

    Joined:
    Jun 18, 2015
    Posts:
    3
    Sent a couple of emails to the developer of NoRoot Firewall and he didn't even bother to reply back. What I don't understand is how does this app helps to block ads/trackers/analytics from other apps. For it to be able to do so, it needs to show the list of domains that the app makes/import a filter list. However, this app does show the hostnames and not the domains. These are two different things in networking. I am currently using Netpatch firewall that is able to display the domain names and also subscribe to filter subscriptions.

    Consider this- you see the list of domains like this (with Netpatch firewall) after sniffing a network:

    setting.rayjump.com
    oc.umeng.com
    pubads.g.doubleclick.net

    versus the list shown below by NoRoot Firewall:

    ec2-52-50-110-132.eu-west-1.compute.amazonaws.com
    ord38s01-in-f1.1e100.net
    sfo03s06-in-f1.1e100.net

    How can anyone tell by looking at the list by NoRoot that which link is an ad/tracker and which is genuine. Ofcourse by looking at the top domain names, it becomes very clear that those are ad/tracker domains. Any advise.
     
  21. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    Exactly the problem! NoRootFirewall is a very pretty and useful firewall app but for each app that attempts to gain Internet access NRFW showed on one example 16 outbound connections that the app wanted to make. All right - to allow the main one for the use of that app is fine but the rest of the requested connections are most likely rubbish. How is anyone to know and even find the time to look them all up?

    Thank you.
    Best regards,
     
  22. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    I was banging my head on the table with just this sort of anguish around 2012 and for about three of years with NRFW, among others, for rooted devices and not rooted. As the snooping and ads got more sophisticated, it got just plain overwhelming. Like a full time job, without pay.

    I decided to try AdGuard and after a couple of years renewing the licenses, I bought lifetime, now running on my Oreo Galaxy Tab A 10.1 and a Pie Moto X4. The name "AdGuard" doesn't do it justice.

    It has a firewall with app block toggles for WiFi and cellular for screen on and off like NetPatch's "Control Apps Network Access." If I determine an app like RPN Calc has no need to phone home, I block it. HTTPS filtering can be toggled individually for each app.

    I added some rules of my own. Like Samsung decided System needs to connect to Yahoo, so ||yahoo.com/$app=system says, "Oh no you don't."

    I select the ad blocking, privacy, social, security and annoyance filters I deem fit my needs. I tend towards AdGuard's offerings rather than the AdBlock (Easy, Fanboy, etc.) stuff. Security filters are malware domains, spam 404 and No Coin - individually or in combination.

    I've enabled Browsing Security to "check web pages with our phishing and malware filters." That's either on or off, no options.

    I make use of several of many settings in Stealth Mode.

    I use AdGuard to do DNS via DoH (and still do even though now Pie can). I prefer Quad9, but I've been giving AdGuard's own DNS a try lately.

    Stats and logs are plenty and detailed.

    Bottom line, instead of trying to do it all on my own, I now pay a respected commercial entity to do it for me. If the mighty Google Android OS (Overlord System) does anything sneaky or some app exploit shows up, there probably isn't something I or anything else could have done about it either.

    You have to license for ALL the AdGuard features: $10/year, and then renewal discounts, or $25/life. My annual-to-lifetime license upgrades were less, but I forget how much. Screamin' deal no matter what...

    For me, on Marshmallow, Oreo and Pie, it has been and is issue free, rock solid and so transparent it's like it's not there.

    I use Network Connections by Anti Spy Mobile to keep an eye on the traffic; it's in the Play Store. The $4.00 key unlocks the free version's Live Capture time-out and some feature restrictions. See the fourth screen shot. Any problem sites are flagged with detailed Abuse RBL data.
     
    Last edited: Apr 3, 2019
  23. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    Surt:

    There is no problem regarding ads on the cell phone because uBlock Origin is being utilised quite successfully. The main problem is for example some app that only needs one connection to somewhere in order to obtain the information that is needed but that app makes connections to about 16 different IP addresses! Some of the addresses were investigated and found to be either phishing or ad related or something not necessary for the main app function, Facebook among them. Of course Facebook is not used nor on the phone whatsoever.

    The Network Connections app only shows what is connected (by IP address) as does NRFW. The NC app does not have any function to do anything about the connections one does not wish to be using e.g. it has no block function by IP built in.

    What is needed is a further refinement for NRFW to display the domain name at least or the URL of the IP addresses it can intercept and that it displays. Then one can decide quite a bit easier which single IP address to use and then all the others to block and this would be on an app by app basis.

    Best regards,
     
  24. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    Yes. I understood that when you mentioned it in your #71 post as well as expressing my own frustrations with just that. Your cited 16 connections was on the low side in my experience years ago, some apps as high as 75-80, maybe not as bad anymore. Regardless of the value, it's why I gave up. AdGuard does considerably more than block ads as I tried to convey, obviously unsuccessful. One can toggle it off and on and the difference in traffic (as observed in NC) is impressive; AdGuard's blocking log reads quite like the deluge of connections I used to see in NRFW. Does it handle all the "something(s) not necessary for the main app function"? Probably not, but almost everything is good enough because I don't have the time.

    Your smart phone or your apps doesn't care if facebook is used or not. I purged the app from my Galaxy and it (as system) connected to snooped to facebook.com AND facebook.net anyhow (as observed in NC). Even though the AdGuard blocked that, and for apps, I locked out system with my own rules (like I did for yahoo), just to be sure, facebook being mostly the festering pile of human debris that it is. My X4 is just as much fun.
    Your astute observation confirms the developer's description, "Powerful tool that displays and monitors (tracks) all inbound and outbound connection (sic) from and to your Android device." Nowhere else does it allude to anything else. But it's good you caught it.

    For look ups, NC is the best I've found. It's like Nirsoft's IPNetINfo, WhoisThisDomain and CurrPorts with a GeoLite database all rolled into one. If NC's Abuse RBL flagged a connection, that could possibly maybe perhaps be a good one to block with NRFW. Just thinkin' out loud here.
    It hasn't been updated since November 30, 2014; surely Grey Shirts is hard at work. An update is bound to happen any day now. Hang in there.

    That's it for me. Good bye.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.