From f4f6597211aeeac209ea3330203b9d5196f6f169 Mon Sep 17 00:00:00 2001 From: M66B Date: Tue, 17 Nov 2015 13:47:59 +0100 Subject: [PATCH] Moved FAQ Refs #161 --- FAQ.md | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 91 +++++++------------------------- 2 files changed, 172 insertions(+), 72 deletions(-) create mode 100644 FAQ.md diff --git a/FAQ.md b/FAQ.md new file mode 100644 index 00000000..31eeb3e2 --- /dev/null +++ b/FAQ.md @@ -0,0 +1,153 @@ +NetGuard +======== + +Frequently Asked Questions (FAQ) +-------------------------------- + + +**(1) Can NetGuard completely protect my privacy?** + +No - nothing can completely protect your privacy. +NetGuard will do its best, but it is limited by the fact it must use the VPN service. +This is the trade-off required to make a firewall which does not require root access. +The firewall can only start when Android "allows" it to start, +so it will not offer protection during early boot-up (although your network may not be loaded at that time). +It will, however, be much better than nothing, especially if you are not rebooting often. + +If you want to protect yourself more, you can (at least in theory) disable Wi-Fi and mobile data before rebooting, +and only enable them on reboot, after the firewall service has started (and the small key icon is visible in the status bar). + +Thanks @[pulser](https://github.com/pulser/) + + +**(2) Can I use VPN applications while using NetGuard?** + +If the VPN application is using the [VPN service](http://developer.android.com/reference/android/net/VpnService.html), +then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service. + + +**(3) Can I use NetGuard on any Android version?** + +No, the minimum required Android version is 5.0 (Lollipop) because NetGuard uses the [addDisallowedApplication](http://developer.android.com/reference/android/net/VpnService.Builder.html#addDisallowedApplication(java.lang.String)) +method. + + +**(4) Will NetGuard use extra battery power?** + +No, unlike most of the similar closed source alternatives. + + +**(5) Can you add selective allowing/blocking applications/IP addresses?** + +Unfortunately, this is not possible without using significant battery power +and adding complex code to do network translation from OSI layer 3 to layer 4 +(and thus implementing a TCP/IP stack), which will inevitably introduce bugs as well. +This is how most (perhaps all) other no-root firewalls work. +NetGuard is unique, because it doesn't implement a TCP/IP stack, and is therefore both highly efficient and simple. + +For more advanced use cases, rooting your device and using an iptables based firewall, +like [AFWall+](https://github.com/ukanth/afwall), might be a better option and will not sacrifice any battery power. + + +**(6) Will NetGuard send my internet traffic to an external (VPN) server?** + +No. It cannot even do this because NetGuard does not even have *internet* permission. + + +**(7) Why are applications without internet permission shown?** + +Internet permission can be granted with each application update without user consent. +By showing all applications, NetGuard allows you to block internet access *before* such an update occurs. + + +**(8) What do I need to enable for the Google Play Store to work?** + +You need 3 packages (applications) enabled (use search in NetGuard to find them quickly): + +* com.android.vending +* com.google.android.gms +* com.android.providers.downloads + +Since the Google Play Store has a tendency to check for updates or even download them all by itself (even if no account is associated), +one can keep it in check by enabling "*Allow when device in use*" for all 3 of these packages. +Click on the down arrow on the left side of an application name and check that option, +but leave the network icons set to red (hence blocked).The little human icon will appear for those packages. +By doing this, you can still open the Google Play Store and update/install/uninstall applications since it will have internet access, +but once you close it, it will not use any bandwidth. + + +**(9) Why is the VPN service being restart?** + +The VPN service will be restarted when you turn the screen on or off and when connectivity changes (Wi-Fi, mobile) +to apply the rules with the conditions '*Allow when screen is on*' and '*Block when roaming*'. + + +**(10) Will you provide a Tasker plug-in?** + +If disabling NetGuard is allowed to Tasker, any application can disabled NetGuard too. +Allowing to disable a security application from other applications is not a good idea. + + +**(12) Can you add on demand asking to block/allow access?** + +Besides that this requires questionable Android permissions, +it is not possible to implement this, given the way NetGuard works. +For more details, see [question 5](#FAQ5). + + +**(13) How can I remove the ongoing NetGuard entry in the notification screen?** + +* Long click the NetGuard notification +* Tap the 'i' icon +* Depending on your device and/or ROMs manufacturer software customisations, you can be directed to either: + * the **App Info** screen and you can uncheck '*Show notifications*' and agree to the next dialog + * the **App Notifications** screen and you can toggle the '*Block*' slider to on + +Note that, whether or not you get a dialog warning to agree upon, this operation will disable any warning notifications from NetGuard as well. + + +**(14) Why can't I select OK to approve the VPN connection request?** + +There might be another application on top of the VPN connection request dialog. +Some known (screen dimming) applications which can cause this are Lux Brightness, Night Mode, and Twilight. +To avoid this problem, at least temporary, close all applications and/or services which may be running in the background. + + +**(15) Why don't you support F-Droid?** + +Because F-Droid doesn't support reproducible builds. +Read [here](https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise) why this is important. + + +**(16) Why are some applications shown dimmed?** + +Disabled applications and applications without internet permission are shown dimmed. + + +**(17) Why is NetGuard using so much memory?** + +It isn't, NetGuard doesn't allocate any memory, except a little for displaying the user interface elements. +It appeared that on some Android variants the Play store connection, using almost 150 MB and needed for in-app donations, +is incorrectly attributed to NetGuard instead to the Play store. + + +**(18) Why can I not find NetGuard in the Play store?** + +NetGuard requires at least Android 5.0, so it is not available in the Play store for devices running older Android versions. + +Some devices have an Android variant with a bug in the services NetGuard requires. +These devices are black listed for the Play store. See also about [compatibility](#compatibility). + + +**(19) Why does aplication xyz still have internet access?** + +If you block internet access for an application, there is no way around it. +However, applications could access the internet through other applications, like Google Play services. +You can prevent this by blocking internet access for the other application as well. + + +**(20) Can I Greenify NetGuard?** + +No. [Greenifying](https://play.google.com/store/apps/details?id=com.oasisfeng.greenify) +or otherwise hibernating NetGuard will result in rules not being applied +when connectivity changes from Wi-Fi/mobile, screen on/off and roaming/not roaming. diff --git a/README.md b/README.md index 98bc10f6..9472a91f 100644 --- a/README.md +++ b/README.md @@ -79,150 +79,97 @@ Frequently Asked Questions (FAQ) **(1) Can NetGuard completely protect my privacy?** -No - nothing can completely protect your privacy. -NetGuard will do its best, but it is limited by the fact it must use the VPN service. -This is the trade-off required to make a firewall which does not require root access. -The firewall can only start when Android "allows" it to start, -so it will not offer protection during early boot-up (although your network may not be loaded at that time). -It will, however, be much better than nothing, especially if you are not rebooting often. - -If you want to protect yourself more, you can (at least in theory) disable Wi-Fi and mobile data before rebooting, -and only enable them on reboot, after the firewall service has started (and the small key icon is visible in the status bar). - -Thanks @[pulser](https://github.com/pulser/) +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ1). **(2) Can I use VPN applications while using NetGuard?** -If the VPN application is using the [VPN service](http://developer.android.com/reference/android/net/VpnService.html), -then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ2). **(3) Can I use NetGuard on any Android version?** -No, the minimum required Android version is 5.0 (Lollipop) because NetGuard uses the [addDisallowedApplication](http://developer.android.com/reference/android/net/VpnService.Builder.html#addDisallowedApplication(java.lang.String)) -method. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ3). **(4) Will NetGuard use extra battery power?** -No, unlike most of the similar closed source alternatives. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ4). **(5) Can you add selective allowing/blocking applications/IP addresses?** -Unfortunately, this is not possible without using significant battery power -and adding complex code to do network translation from OSI layer 3 to layer 4 -(and thus implementing a TCP/IP stack), which will inevitably introduce bugs as well. -This is how most (perhaps all) other no-root firewalls work. -NetGuard is unique, because it doesn't implement a TCP/IP stack, and is therefore both highly efficient and simple. - -For more advanced use cases, rooting your device and using an iptables based firewall, -like [AFWall+](https://github.com/ukanth/afwall), might be a better option and will not sacrifice any battery power. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ5). **(6) Will NetGuard send my internet traffic to an external (VPN) server?** -No. It cannot even do this because NetGuard does not even have *internet* permission. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ6). **(7) Why are applications without internet permission shown?** -Internet permission can be granted with each application update without user consent. -By showing all applications, NetGuard allows you to block internet access *before* such an update occurs. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ7). **(8) What do I need to enable for the Google Play Store to work?** -You need 3 packages (applications) enabled (use search in NetGuard to find them quickly): - -* com.android.vending -* com.google.android.gms -* com.android.providers.downloads - -Since the Google Play Store has a tendency to check for updates or even download them all by itself (even if no account is associated), -one can keep it in check by enabling "*Allow when device in use*" for all 3 of these packages. -Click on the down arrow on the left side of an application name and check that option, -but leave the network icons set to red (hence blocked).The little human icon will appear for those packages. -By doing this, you can still open the Google Play Store and update/install/uninstall applications since it will have internet access, -but once you close it, it will not use any bandwidth. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ8). **(9) Why is the VPN service being restart?** -The VPN service will be restarted when you turn the screen on or off and when connectivity changes (Wi-Fi, mobile) -to apply the rules with the conditions '*Allow when screen is on*' and '*Block when roaming*'. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ9). **(10) Will you provide a Tasker plug-in?** -If disabling NetGuard is allowed to Tasker, any application can disabled NetGuard too. -Allowing to disable a security application from other applications is not a good idea. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ10). **(12) Can you add on demand asking to block/allow access?** -Besides that this requires questionable Android permissions, -it is not possible to implement this, given the way NetGuard works. -For more details, see [question 5](#FAQ5). +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ12). **(13) How can I remove the ongoing NetGuard entry in the notification screen?** -* Long click the NetGuard notification -* Tap the 'i' icon -* Depending on your device and/or ROMs manufacturer software customisations, you can be directed to either: - * the **App Info** screen and you can uncheck '*Show notifications*' and agree to the next dialog - * the **App Notifications** screen and you can toggle the '*Block*' slider to on - -Note that, whether or not you get a dialog warning to agree upon, this operation will disable any warning notifications from NetGuard as well. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ13). **(14) Why can't I select OK to approve the VPN connection request?** -There might be another application on top of the VPN connection request dialog. -Some known (screen dimming) applications which can cause this are Lux Brightness, Night Mode, and Twilight. -To avoid this problem, at least temporary, close all applications and/or services which may be running in the background. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ14). **(15) Why don't you support F-Droid?** -Because F-Droid doesn't support reproducible builds. -Read [here](https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise) why this is important. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ15). **(16) Why are some applications shown dimmed?** -Disabled applications and applications without internet permission are shown dimmed. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ16). **(17) Why is NetGuard using so much memory?** -It isn't, NetGuard doesn't allocate any memory, except a little for displaying the user interface elements. -It appeared that on some Android variants the Play store connection, using almost 150 MB and needed for in-app donations, -is incorrectly attributed to NetGuard instead to the Play store. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ17). **(18) Why can I not find NetGuard in the Play store?** -NetGuard requires at least Android 5.0, so it is not available in the Play store for devices running older Android versions. - -Some devices have an Android variant with a bug in the services NetGuard requires. -These devices are black listed for the Play store. See also about [compatibility](#compatibility). +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ18). **(19) Why does aplication xyz still have internet access?** -If you block internet access for an application, there is no way around it. -However, applications could access the internet through other applications, like Google Play services. -You can prevent this by blocking internet access for the other application as well. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ19). **(20) Can I Greenify NetGuard?** -No. [Greenifying](https://play.google.com/store/apps/details?id=com.oasisfeng.greenify) -or otherwise hibernating NetGuard will result in rules not being applied -when connectivity changes from Wi-Fi/mobile, screen on/off and roaming/not roaming. +This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ20). Permissions -----------