Hey guys!
I'm given the task of securing 2 android devices (galaxy tab 7.0 and an S3). The friend of mine who has asked me to do this has been hacked (on an Iphone and on a windows PC) recently (for various sinister reasons) and After I secured her windows environment she bought these devices. A while after using the phone someone started to remotely control the phone and typed 'hell' in our language and she is really afraid. One of the pcs I secured has been stolen since it couldn't be reached remotely anymore, so I guess the threat is pretty serious. Now getting to the point, what would be the BEST way to do this ?
-Flashing custom roms on these (which is the most secure?)
-Seting up an antivirus + firewall on both devices (also I'd like to know which of these are the best NP if its paid)
-Setting up an anti theft app (and same here, I know Cerberus, but I'm wondering if there is a better solution)
The hard part of this is the fact the hackers are very likely experts (they hacked her Iphone back then making it taking photos and logging all keys like a regular keylogger).
What a story!
I strongly recommend avast! AntiVirus which comes with avast! Anti-Theft. Best Part: It's free!
McAfee is supposed to detect more malware but not as many as it would be worth its price.
Sent from my GT-I9100 using xda app-developers app
H3llwar said:
What a story!
I strongly recommend avast! AntiVirus which comes with avast! Anti-Theft. Best Part: It's free!
McAfee is supposed to detect Moore Malware but not as many as it would be worth its price.
Sent from my GT-I9100 using xda app-developers app
Click to expand...
Click to collapse
Thank you Buddy! Any additional professional suggestions? Anyone?
Anti-virus is only a curative solution, and can only detect malware after they have already breached your device. Android's security model makes it difficult for an attacker to remotely breach the device, unless they have a bad app installed on the device. When a user installs an app, they give that app certain permissions, and these permissions need to be checked to ensure they aren't being used as malicious apps (why would a camera app need to make phone calls on your behalf?) . The best suggestion would be to exercise good permission checking habits to ensure you aren't accidentally installing a bad app. Also, attackers may also send bad code through SMS, which may appear as a clickable link. I could keep going on possible ways to get compromised, but these are the most prominent.
syung said:
Anti-virus is only a curative solution, and can only detect malware after they have already breached your device. Android's security model makes it difficult for an attacker to remotely breach the device, unless they have a bad app installed on the device. When a user installs an app, they give that app certain permissions, and these permissions need to be checked to ensure they aren't being used as malicious apps (why would a camera app need to make phone calls on your behalf?) . The best suggestion would be to exercise good permission checking habits to ensure you aren't accidentally installing a bad app. Also, attackers may also send bad code through SMS, which may appear as a clickable link. I could keep going on possible ways to get compromised, but these are the most prominent.
Click to expand...
Click to collapse
Get a PermissionsManager like OpenPDroid or XPrivacy.
Sent from my GT-I9100 using xda app-developers app
Hey folks,
I recently installed NoRoot Firewall and found it really interesting to dis/allow network traffic without root. The app uses a local VPN to tunnel traffic and selective adjust the access. It needs permission for startup and networkaccess, the dev says it only needs this for rooting issues (see in-app explanation). The funny thing is, the app runs perfectly even without the INTERNET permission.
Unfortunately, the app isn't open source, the dev is a ghost and it hasn't been audited for security flaws. Although on a German blog, a security specialist has partly audited it for 30 minutes using Wireshark and network analysis. This resulted in no unusual traffic and no manipulations (instead of Mobiwol firewall).
My concern is: Is the app able to manipulate the traffic, that's rooted through itself, to point it or copy it to another destination? I ask, because it even works without internet and wasn't manipulating traffic in the test I read. And if really sensitive data is routed through the app and it's possible to ship this data cloned to another place, it's really disturbing.
I hope someone is able to clarify the technical background.
Greetz
traceless said:
Hey folks,
I recently installed NoRoot Firewall and found it really interesting to dis/allow network traffic without root. The app uses a local VPN to tunnel traffic and selective adjust the access. It needs permission for startup and networkaccess, the dev says it only needs this for rooting issues (see in-app explanation). The funny thing is, the app runs perfectly even without the INTERNET permission.
Unfortunately, the app isn't open source, the dev is a ghost and it hasn't been audited for security flaws. Although on a German blog, a security specialist has partly audited it for 30 minutes using Wireshark and network analysis. This resulted in no unusual traffic and no manipulations (instead of Mobiwol firewall).
My concern is: Is the app able to manipulate the traffic, that's rooted through itself, to point it or copy it to another destination? I ask, because it even works without internet and wasn't manipulating traffic in the test I read. And if really sensitive data is routed through the app and it's possible to ship this data cloned to another place, it's really disturbing.
I hope someone is able to clarify the technical background.
Greetz
Click to expand...
Click to collapse
Has Droidwall been tested?
crobjam said:
Has Droidwall been tested?
Click to expand...
Click to collapse
Doesn't answer my question, but it's open source in contrast to NoRoot Firewall.
I use XPrivacy and it works OK without any additional bakdoors.
It has even more functions (blocking permissions for apps) for privacy protection.
Very good question OP.
This is a extremely useful app but I also would like to know about the possible risks involved.
One would assume that removing the internet access permission (thanks for that suggestion) would render the app harmless but I can't be sure...
EDIT: After removing the app's internet permission with APK Permission Remover I found that the app does run without any error message but it won't allow any app to connect to the internet whatsoever. Which I guess is totally logical since all connections are routed through NoRoot Firewall...
mp107 said:
I use XPrivacy and it works OK without any additional bakdoors.
It has even more functions (blocking permissions for apps) for privacy protection.
Click to expand...
Click to collapse
with the difference that you need root..
I'm looking for no root firewall, NetGuard (alpha) seems to be the alternative
http://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
stpol77 said:
with the difference that you need root..
I'm looking for no root firewall, NetGuard (alpha) seems to be the alternative
http://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Click to expand...
Click to collapse
riesdepies said:
Very good question OP.
This is a extremely useful app but I also would like to know about the possible risks involved.
One would assume that removing the internet access permission (thanks for that suggestion) would render the app harmless but I can't be sure...
EDIT: After removing the app's internet permission with APK Permission Remover I found that the app does run without any error message but it won't allow any app to connect to the internet whatsoever. Which I guess is totally logical since all connections are routed through NoRoot Firewall...
Click to expand...
Click to collapse
Xprivacy cannot block Android system internet access, as that breaks your internet connection. Another limitation is that it cannot restrict android native apps. So, you need a real firewall to deal with that.
Noroot firewall is a horrible concept: your internet traffic is routed through some unknown server. Whatever you send though the internet is totally exposed to any kind of attacks/exploits. Plus, the issue of open source vs. close is totally irrelevant as applied to servers: so what if they open source their server? You will never know whether that server was built out of that open source.
The only solution is a real firewall.
Please stop listening to dopes who tell you not to root your device. They have an agenda: most of them are either advertisers, spooks or Google employees. The argument that a user doesn't know what he/she is doing and therefore should not have root is false: every known operating system on Earth (windows, mac, linux et al) provides root access/administrative rights to a user. So, how is that the same PC/MAC/Linux user all of a sudden becomes a dummy when it comes to a smart phone? The answer is he does not. But when he gets root, he can restrict advertising, spooking and spying by Google, carriers, advertisers and others.
optimumpro said:
Noroot firewall is a horrible concept: your internet traffic is routed through some unknown server. Whatever you send though the internet is totally exposed to any kind of attacks/exploits. Plus, the issue of open source vs. close is totally irrelevant as applied to servers: so what if they open source their server? You will never know whether that server was built out of that open source.
Click to expand...
Click to collapse
From what I understand, the concept of NoRoot Firewall isn't routing your traffic through an external server but using a local or virtual VPN as a firewall. The Android VPN service is only used to provide control over your connections. This was explained on their web page which now seems to have disappeared. The problem is that one shouldn't just take their word on this and that's why it is relevant that this program is not open source.
There's an interesting discussion on the subject here.
riesdepies said:
From what I understand, the concept of NoRoot Firewall isn't routing your traffic through an external server but using a local or virtual VPN as a firewall. The Android VPN service is only used to provide control over your connections. This was explained on their web page which now seems to have disappeared. The problem is that one shouldn't just take their word on this and that's why it is relevant that this program is not open source.
There's an interesting discussion on the subject here.
Click to expand...
Click to collapse
If that were so, then why would users complain that NoRoot Firewall is increasingly being blocked by various services? That surely indicates a unique IP address, which is different from your mobile/wifi IPs. Android local vpn won't create a separate external IP address. I bet if you go to what's my ip, you will find a curious IP address.
I am always amused by people saying I am looking for a no root app when it comes to security. You just can't secure a system without administrative rights. This is like saying I need protection for my car, which has a habit of swerving around, but do it without using a steering wheel.
optimumpro said:
If that were so, then why would users complain that NoRoot Firewall is increasingly being blocked by various services? That surely indicates a unique IP address, which is different from your mobile/wifi IPs. Android local vpn won't create a separate external IP address. I bet if you go to what's my ip, you will find a curious IP address.
Click to expand...
Click to collapse
I don't know where you read that 'NoRoot Firewall is increasingly being blocked by various services' but maybe it had to do with the fact that you can't use a VPN service while using NoRoot Firewall because it already uses the Android VPN functionality as a firewall.
I also verified my IP adress online and it does not change when I use NoRoot Firewall.
BTW, I am rooted because I like to have full control over my Android but I haven't come across a root firewall app with granular control like NoRoot Firewall. Do you have any suggestions?
I attached a screenshot of the app explaining itself and its permission.
stpol77 said:
with the difference that you need root..
I'm looking for no root firewall, NetGuard (alpha) seems to be the alternative
http://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Click to expand...
Click to collapse
NetGuard is open source and very easily audited or checked - no Internet access itself.
It isn't as granular as other firewalls, but it has no battery drain, since the VPN service is only used for sinkholing traffic. So for now it's an all or nothing way to block an individual app from network access. There's more details in the thread, and the source is quite readable too.
Its using Vpn so its a power consuming app
Can anyone suggest best root app for restricting internet traffic to apps over wifi/mobile data. And also works as a VPN. The same option is there is noroot firewall. but from somehow from the above discussion, it is not 100% secure.
optimumpro said:
Xprivacy cannot block Android system internet access, as that breaks your internet connection. Another limitation is that it cannot restrict android native apps. So, you need a real firewall to deal with that.
Noroot firewall is a horrible concept: your internet traffic is routed through some unknown server. Whatever you send though the internet is totally exposed to any kind of attacks/exploits. Plus, the issue of open source vs. close is totally irrelevant as applied to servers: so what if they open source their server? You will never know whether that server was built out of that open source.
The only solution is a real firewall.
Please stop listening to dopes who tell you not to root your device. They have an agenda: most of them are either advertisers, spooks or Google employees. The argument that a user doesn't know what he/she is doing and therefore should not have root is false: every known operating system on Earth (windows, mac, linux et al) provides root access/administrative rights to a user. So, how is that the same PC/MAC/Linux user all of a sudden becomes a dummy when it comes to a smart phone? The answer is he does not. But when he gets root, he can restrict advertising, spooking and spying by Google, carriers, advertisers and others.
Click to expand...
Click to collapse
Some of us are just stuck with phones that are locked up tight and can't root to begin with. So I to am looking for a no-root solution. Before this phone I had all the others rooted, when it was an option. I came across this in a search because I just got a gopro, and the app creates a wifi connection between the gopro and the phone. Soooo, if I'm driving with the gopro, the phone, and all other apps think it's on wifi. So while I'm controlling the camera, other apps like Pandora, Amazon Music, and the sort search and search for a connection on that wifi network that's only between phone and camera, and won't resort to mobile data as long as that connection exists. Anyway, calm down.... not everyone has an agenda. Rooting is indeed relatively simple, but it's also equally simple for someone who missed one detail to ruin their phone. Anyone that ever asked me about it, I'd help them and give them a good "what you need to know" before I show them how to make sure they understand how important it is to read read read. If I get the impression they're a little impatient, or this kind of thing goes over their head, I discourage them from rooting. Just because I care and would hate for them to ruin an expensive device.
Hey folks,
I recently signed up in this forum, and I'm aware of it's professionalism. First, I was a simple observer because I wanted to try to understand the basics and it wasn't not a long time I discovered Android.
I installed NoRoot Firewall. My smartphone is rooted and I also installed LightningWall.
I blocked (with LightningWall) outgoing and inbound access concerning "NoRoot Firewall", and NoRoot Firewall is running fine.
Is it the good action to be sure that NoRoot Firewall doesn't export my data to an external server ?
Or it's not the good action because NoRoot Firewall uses a VPN ?
Sorry if my first post is too basic.
I hope someone is able to answer me.
Due to my recent installation of app Network Log, I have examined the I/O on the Net made by NoRoot FireWall.
It appears (by examining the log) that NoRoot FireWall is making I/O on the Net, but unfortunately I can't determine if those I/O are on behalf of applications crossing NoRoot FireWall (through Android VPN functionality), or for app NoRoot FireWall itself.
I don't know how to determine it.
If anybody has an idea.
iwanttoknow said:
Due to my recent installation of app Network Log, I have examined the I/O on the Net made by NoRoot FireWall.
It appears (by examining the log) that NoRoot FireWall is making I/O on the Net, but unfortunately I can't determine if those I/O are on behalf of applications crossing NoRoot FireWall (through Android VPN functionality), or for app NoRoot FireWall itself.
I don't know how to determine it.
If anybody has an idea.
Click to expand...
Click to collapse
guys,
maybe we could just block the noroot firewall app itself in the app list from using data/wifi.
it's running fine for me.
micmaccc said:
guys,
maybe we could just block the noroot firewall app itself in the app list from using data/wifi.
it's running fine for me.
Click to expand...
Click to collapse
Hi,
I blocked output of Noroot Firewall in the list of its controlled app.
I also blocked Noroot Firewall with LightningWall (input and output).
And I observed I/O made by Noroot Firewall in Internet, by using app NetworkLog (examining its log file).
I can't determine if I/O made by Noroot Firewall are really made by Noroot Firewall by itself, or for allowed app crossing Android VPN used by Noroot Firewall.
Is there a tool to determine it ?
Amusons-nous avant tout !
Hello. Please excuse the necro.
A few questions please:
I'm not a networking expert. I do not understand the difference between the pre- and post- filters. Does it need to be redundant, ie mirror the rules on both filters?
How do you know if it's incoming or outgoing?
Also, why is it that even if there is a rule blocking a domain, such as *.domain.comort, I still see a connection being requested?
micmaccc said:
guys,
maybe we could just block the noroot firewall app itself in the app list from using data/wifi.
it's running fine for me.
Click to expand...
Click to collapse
How do you do this? I always thought blocking NoRoot from within NoRoot didn't make sense. Do I need to install another FW?
fpjones3 said:
Hello. Please excuse the necro.
A few questions please:
I'm not a networking expert. I do not understand the difference between the pre- and post- filters. Does it need to be redundant, ie mirror the rules on both filters?
How do you know if it's incoming or outgoing?
Also, why is it that even if there is a rule blocking a domain, such as *.domain.comort, I still see a connection being requested?
How do you do this? I always thought blocking NoRoot from within NoRoot didn't make sense. Do I need to install another FW?
Click to expand...
Click to collapse
Install another FW dosen't make sense, because all traffic through NoRoot. The another FW can't recognize the network access by apps.
---------- Post added at 07:14 AM ---------- Previous post was at 06:58 AM ----------
iwanttoknow said:
Hey folks,
I recently signed up in this forum, and I'm aware of it's professionalism. First, I was a simple observer because I wanted to try to understand the basics and it wasn't not a long time I discovered Android.
I installed NoRoot Firewall. My smartphone is rooted and I also installed LightningWall.
I blocked (with LightningWall) outgoing and inbound access concerning "NoRoot Firewall", and NoRoot Firewall is running fine.
Is it the good action to be sure that NoRoot Firewall doesn't export my data to an external server ?
Or it's not the good action because NoRoot Firewall uses a VPN ?
Sorry if my first post is too basic.
I hope someone is able to answer me.
Click to expand...
Click to collapse
You can think of it as a router on the network.
In windows we require administrative rights. I see no elevation request raised by Antivirus software even paid ones.
How it decompile or check for virus signatures of apps without root access?
Is AV for mobile a joke?
Sent from my XT1033 using XDA Free mobile app
vikraminside said:
Is AV for mobile a joke?
Click to expand...
Click to collapse
Pretty much. At least with Android. Malware exists, but it's extremely rare from legitimate sources (Play Store, Amazon). Just use your brain. If you're rooted, be extra careful with what you install. Especially stay away from anything to hack a game for extra coins/gold/gems/whatever. And don't put your credit card/bank account info through any app that has no business asking for it.
AV apps are pretty much useless for detecting any actual malware, and in fact are detrimental to your devices' performance because they're always running and when they have to do their scans. Many aren't completely useless, because the creators realize that basic AV is, indeed useless, so they offer stuff like remote device monitoring, kill switches, data recovery, etc.
Hello,
I decided that I want to root my phone in order to use Xposed FW.
From what I know, rooting the phone may cause problems in terms of malwares, security breaches and such.
I tend to underestimate Anti-Virus apps, they all look gimmicky and never find anything (or it's just me never infecting my phone...)
Anyway, how can I protect the data on my phone from all the crap around the internet after rooting and Xposing it?
Anyone?
Personally, I feel rooting makes my phone more secure. I am in control of my system and what has access to a data connection. I am in control of what gets installed on my phone. Most of the malware comes from apps.
I'm new on the forums, but have been a computer/tech geek for many many years. I treat my rooted device as if it was my PC. Be mindful of what you click.
This is how I approach Android security:
Always check permissions before installing apps, especially from Play Store. The ONLY third party apps I'll ever flash are from reputable devs in this forum and from Fdroid. Use a good adblocker.
Find a good up to date custom ROM that includes Super SU. Flash AFwall+ and whitelist only what needs data. I see you mentioned XPosed so be sure to check out XPrivacy. I've read where some users use both AFWall and XPrivacy as kind of a failsafe. Read these forums. I've learned a great deal just reading here. We are fortunate to have so many talented people at XDA.
I don't even bother with antivirus apps and never been infected. I hope this clears up your fears with rooting. Bottom line is simply be mindful of what you click or flash and do your research here on the forums.
Hi,
I also use Xposed.
About rooting, I deactivate it in SuperSU when I don't need it. I don't know if it's a useful reaction.
BTW, I have the same point of view than KernelCorn.
Amusons-nous avant tout !
Anyone have anymore input or suggestions on this topic?
Root + Xposed + AFWall+ + XPrivacy + microG Gms Core + F-Droid / FLOSS apps + self-hosting services like Cozy, Owncloud... + a brain. That's all what I need.
Primokorn said:
Root + Xposed + AFWall+ + XPrivacy + microG Gms Core + F-Droid / FLOSS apps + self-hosting services like Cozy, Owncloud... + a brain. That's all what I need.
Click to expand...
Click to collapse
I've been installing and reading up on the apps you mention.
I'm having trouble finding any information on the app you mention called 'a brain'.
spastico said:
I've been installing and reading up on the apps you mention.
I'm having trouble finding any information on the app you mention called 'a brain'.
Click to expand...
Click to collapse
:laugh: Yeah most are infected with whackyware!
Hi,
I seek good site with virus for Android. I must test my antyvirus on my mobile phone. Thank you
Android anti-virus are useless.. They just tell you if the app is infected and then to unninstall it..(Some times with fake alert)
If you talk seriously about android device "security", you should put some firewall app and filter the apps internet access and deny some connections. Smartphones are targeted for bot networks very often and if you allow root access to some of these apps they dig in to system and its very hard to remove them, you have to flash new kernel and rom. And the other threat is mostly the annoying adware apk's, but you can upload and scan them in the Nviso web page or with Virustotal. You can made some changes to the host file that is in the root directory of your android phone, there you can block sites that deliver ads with some apps, or use LP which is automated. This is important because some apps are not malicious themselfs, but the sites they connect to are malicious and some times they run bad JS codes in the backround on your phone and you see only some flashing ads on the screen.
Zionx9 said:
Hi,
I seek good site with virus for Android. I must test my antyvirus on my mobile phone. Thank you
Click to expand...
Click to collapse
Download test virus app from play store and run antivirus scan. These app is harmless. It is for test purpose.
If it helped. Please thank me.