IP Table based Android firewall apps (i.e., DroidWall, LBE Privacy Guard) are known to provide a good measure for preventing applications accessing the internet. However, during the boot time, while they are not fully loaded in the background yet the phone might still be vulnerable.
It might have not occurred but there is actually a very simple solution to the above problem. Disabling the Data service before restarting the phone will leave no chance an application can get a chance to transmit data on the startup process. The option to disable/enable data is normally found under the Data Delivery from the Settings menu.
Also on my Motorola Atrix I found when data is disabled the phone starts a bit quicker for obvious reasons -- any apps that allowed to access the internet does not perform its tasks i.e. weather widgets.
I'm sorry if this tip was already a widely known knowledge. Hope it helps someone new in Android world.
Related
First of all, Hello! Hoping to find some nuggets of information from you guys!
Android/HTC for Business. The main areas we wish to lock down, and administer are:-
1) Data Usage Capping - Limiting the user to 1GB of Mobile Data, per month. At our discretion, we will up the limit once it has been reached. This means we can take charge of our data rather than the carrier.
2) Secure the device - Locking Marketplace, prevent end user installing apps and changing the company branding. Also deny adding widgets. We can add these from our workshop on an individual user requirement basis.
3) Remote Administration - Connecting remotely to the device be it over Wi-Fi or 3G to troubleshoot problems and amend settings on the users phone. Preferably with a GUI, rather than messing around with Command prompts.
Now, been doing some digging around and I may have answered some of the questions.
Data Usage Capping using 3G watchdog and APNDroid.
Secure the Device - Password protection with Protector
Remote Administration - Webkey (Rooting required)
But wondered if anyone had any other suggestions? Protector is good but limited in respect it can't lock down the adding of widgets, or at least I haven't found the setting. This has a knock on effect as a user can add the APNDroid to the home screen for example and switch the data back on! Webkey obviously won't work with the Wildfire S' as there is currently no root option for the device.
I half expect a lot of you to tell me to go with Blackberry BES, but Android IMHO is the way forward!
Thoughts?
Thanks,
Adam
When using the internet on your device that has an active carrier data plan and no WIFI network is available, the device automatically switch to carrier's data plan.
There are many instances where people with limited monthly plans have run into bloated bills due to unintentional excess data usage.
I searched far and wide across the forums, to find any tips, tricks, tools or best practices for optimized data usage, but could not find much.
This is my humble attempt to come up with such a list.
Hopefully this will help someone avoid those surprise excess usages and bloated bills.
Please bare with me if this is insufficient or if the information herein becomes outdated due to new features in latest Android versions.
I'm not an expert. I am kind of a half-noob myself
1. Install a Data Monitor application.
There are applications which help you monitor data usage.
They show how much usage has happened through carrier's packet data and how much is through WIFI.
They also show data usage per application.
If your ROM does not already have these features, there are so many applications available on the android market (Google play store).
Search for one that suits your needs. I personally prefer My Data Manager
Note that all these data monitor applications monitor the usage at real-time.
That means, they can only monitor your usage form the day you installed them. Don't wait till you run into an excess usage problem, install one now.
2. Explicitly turn off packet-data during huge WIFI downloads.
If you are downloading huge data over WIFI (say a 600 MB file), and in-between if your WIFI becomes unavailable, chances are that the phone switches automatically to carrier data and continues with the download.
This is a sure shot scenario to cause surprise excess usage.
The WIFI might become unavailable due to any number of reasons like:
Straying out of the signal area - if you are moving around
Source getting disconnected - I have a cabled broadband with unlimited data on my laptop, I make my laptop a WIFI hotspot (kind of reverse tethering) using a USB adapter (wireless N150 USB adapter from buffalo). Whenever there is a power cut, my broadband connection goes off until I manually reconnect. Also, my connection periodically times off if it's on for a long time, or my laptop might restart.
The router might malfunction or in worst case, the phone's WIFI connectivity might itself dysfunction.
The point is, keep in mind that the WIFI can go off half way through the download and you might end up using carrier data.
The best solution is to turn off your carrier data. [Uncheck Settings -> Wireless and network -> Mobile networks -> Use packet data]
You can turn it on once the download finishes or once you have stopped/paused the download and you are sure that it won't use up your packet data.
This way, you can ensure that you are actually downloading through WIFi.
3. Firewall - allow/disallow data access to individual applications.
There are firewall applications on the market that allow you to:
Block internet access to selected apps.
Many apps like offline games and simple tools require full internet access permission. At first glance, this looks suspicious as these apps do not seem to have any business going online.
The main reason most of them use this permission is to allow in-app Ads.
By using firewalls, you can block internet access to selected apps that do not require internet access for their normal functioning.
Separate packet (3G/GPRS) and WIFI data.
Some apps consume too much data, like Facebook, Google plus and some games.
If you don't need to be online on these apps all the time, you can allow them only WIFI access, so that they can sync only when WIFI becomes available and they can never use up your carrier data.
Toggle blocking status.
Useful when you want to occasionally turn it on for a while.
There are many such firewall apps available on the market and some antivirus apps also come with inbuilt firewall features.
I personally use DroidWall
Note:
Provide access to all android system applications, and apps which come pre-configured from your vendor (I guess they could be trusted)
Make sure all apps that require internet access are given the access - both in WIFI and 3G mode.
Make sure known data guzzlers are denied access - both WIFI and 3G (provided they do not require access for their normal functionality)
If in doubt about any particular app - I prefer to provide it access. Better safe, than risk impaired functionality.
4. Download Manager - pause/resume downloads.
Say you are downloading about 10MB of data and the connection drops when you are about 8MB completed.
At this situation, you do not want to start downloading from scratch again when connection becomes available.
This way, if you are moving in and out of connection, you will end up trying to download the same data again and again, drastically increasing the usage.
You need a download manager with pause, resume, auto resume features to handle this situation.
There are many available on the market, search and use a one that best suits your needs.
This works only for downloading from browser links, dropbox, etc.
The download manager does not come into picture if you are trying to download data directly from an app (like many games download huge data when started for the first time after installation).
I am yet to find an app which can handle this kind of situation. Something like - intercept any downloads initiated from within other apps, and provide you option to manage those downloads.
If anyone knows of any such app, please do update us.
However, most games and apps which do huge data download have inbuilt capability to manage the download.
For example, Sygic has an excellent download manager that manages maps and other downloads for it. It comes by default with Sygic.
5. Push Notification Detectors.
When you install certain applications, they might have tie-ups with certain advertisers to send add notifications directly to your device's notification bar.
Such ads are called push notification ads. They allow the developers to make some revenue and help keep the free applications free.
These notifications show up on your notification area periodically, even when the original application which installed them is not running.
As of now, I cannot find any statics/benchmarks to understand how much data push-notifications consume. But they definitely do consume some data.
It is a personal choice whether you want such notifications or not, I personally feel a little bit of data usage is OK, as it is a small price to pay and helps the developers.
But some applications might be tied up with greedy advertising schemes that do extensive push notifications and consume excessive data.
One best way is to go through the apps description carefully before installing.
If the developer clearly states that the app uses push notification adds, it shows some responsibility on the developer’s part and you can assume he has taken the steps to ensure that the notifications are not excessive and does not consume excess data.
You can then choose to either install or not install the application.
However, there are many applications which are silent about the fact that they use push notifications.
There are many detectors on the market which detect all the installed apps on your device which appear to use known notification Ad frameworks.
They do not block the Ads, but inform you which applications are causing them. You can then choose to uninstall those applications or give them only WIFI data access or freeze them for a certain period of time to monitor your data consumption.
I personally use AirPush Detector
6. Freeze / Unfreeze applications.
If you suspect some application to be causing excess data consumption through push ads, you can freeze it for certain time and monitor the data usage to check if there is any significant change.
There are many such applications on the market which allow you to freeze/unfreeze select apps.
Most of them require root access (I do not know of any such app which works without root)
Titanium Backup (Requires Root) is the best application out there as per my opinion.
It does much more than freeze/unfreeze. It's a must have app for any root user.
PS:
Be very careful which apps you decide to freeze.
There are many apps that should not be frozen, especially system apps and some of those that come preinstalled on your ROM.
If you try to freeze any such app which should not be frozen, you might render your phone unusable.
Please refer threads related to your device to get a list of safe-to-freeze apps for your particular device.
Rooting might void warranty and has an associated risk of rendering your device unusable if done improperly.
If you are unfamiliar with concepts, read through the forums here on XDA, use the search button
This is all I can think of for now.
If you have any more useful tips/tricks or best practices related to data usage, please add them here, so that it can help others as well.
Cheers,
Sandeep
I have a bit of a problem with Secure Folder. I have tried using disconnect pro, adhell, and adguard. So 2x knox blockers and 1x vpn blocker. All 3 of them are installed in the standard main partition of the device and work fine on apps not in the secure folder. Any app I have in the secure folder is apparently completely bypassing the ad blocking of all 3 blockers. The only way this is possible seems to be that anything in that folder is also bypassing the knox firewall AND any vpn you have set up. Surely your phone has ONE internet connection so all traffic has to go through it, this blocking should work on secure folder apps just the same? The apps and their data may be segregated but if I have a hosts file blocking certain IP's, I see no reason that should not effect every connection on the device! For security reasons alone you would not want secure folder apps bypassing a VPN for example.
I did try to install disconnect pro in the secure folder too but it just wouldnt work, it would not turn on, probably because it was already installed and running in the main partition and can't be running twice. I really wouldn't want to run it twice anyway due to the battery drain being double for no good reason.
So basically as far as I can see it is impossible to block ads in apps installed in secure folder?? (or for that matter, use your vpn with apps in the secure folder??)
I'm having the exact same issue. I was hoping for a resolution
I use blokada (a VPN based blocker) on my note8. You have to run it within the secure apps environment to block ads there as well. It's a bit counter intuitive but I actually love this. Even if I accidentally leave my work VPN open in the main OS my traffic from secure apps doesn't get sent through it. IMO this is brilliant.
A bit to late but has anyone figured this out yet, to filter the entries phones internet access through the main sides VPN... I found that using a direct DSN will help block ads in both primary and secondary, but one primary DSN is unstable for some websites
I've installed and tried both these apps, both use a VPN connection to "filter out" data usage (WiFi and Mobile data)... they also include logs of attempted connections with IP domains included.
However, when I block system apps such as Android System and its sub-apps, they still accumulate data. While some attempts for connection to Android System apps are shown in the log and blocked, some must be getting around it...because I check the Data Usage for Android System, and it constantly climbs even while "blocked" from data access by the firewall VPNs.
Anyone else have same issue? Is this just an inevitable flaw if you don't have root access? Is this possibly due to spyware which is somehow overriding?
Bump
I would like to figure out the best solution to receive some kind of real time alerts when an apk is installed on my phone. Two possible options would do this through tasker by monitoring the /data/data folder and creating a notification or through termux with a similar method. Looking for ideas or input here.
Disable automatic updates... lock it down.
Always keep install unknown files disabled unless needed.
If you don't use wi-fi it's easy; disable wi-fi and set Playstore etc to autoupdate by wi-fi only.
Karma Firewall will block all the update IPs as well. I also use Package Disabler to block Playstore and AT&T updates.
Complete updates lockdown on my phone unless I want it.
Makes finding a buggy update much simpler... only a matter of time before autoupdates bones you proper.
@Masterbuilt
If I see it correctly then what you have in mind is to continously take snapshots and compare these. In my eyes an horror: it costs RAM ,stresses CPU, reduces the lifespan of the eMMC, discharges the battery beyond measure...
In my eyes it would be a far better solution to establish an Android service (in Android a service runs in the background and is started at boot time) that intercepts the broadcasts of the Android package manager
Code:
ACTION_PACKAGE_ADDED
and acts accordingly. Causes very little RAM and CPU usage.