mirror of https://github.com/M66B/NetGuard.git
parent
4d820c6eca
commit
f4f6597211
|
@ -0,0 +1,153 @@
|
||||||
|
NetGuard
|
||||||
|
========
|
||||||
|
|
||||||
|
Frequently Asked Questions (FAQ)
|
||||||
|
--------------------------------
|
||||||
|
|
||||||
|
<a name="FAQ1"></a>
|
||||||
|
**(1) Can NetGuard completely protect my privacy?**
|
||||||
|
|
||||||
|
No - nothing can completely protect your privacy.
|
||||||
|
NetGuard will do its best, but it is limited by the fact it must use the VPN service.
|
||||||
|
This is the trade-off required to make a firewall which does not require root access.
|
||||||
|
The firewall can only start when Android "allows" it to start,
|
||||||
|
so it will not offer protection during early boot-up (although your network may not be loaded at that time).
|
||||||
|
It will, however, be much better than nothing, especially if you are not rebooting often.
|
||||||
|
|
||||||
|
If you want to protect yourself more, you can (at least in theory) disable Wi-Fi and mobile data before rebooting,
|
||||||
|
and only enable them on reboot, after the firewall service has started (and the small key icon is visible in the status bar).
|
||||||
|
|
||||||
|
Thanks @[pulser](https://github.com/pulser/)
|
||||||
|
|
||||||
|
<a name="FAQ2"></a>
|
||||||
|
**(2) Can I use VPN applications while using NetGuard?**
|
||||||
|
|
||||||
|
If the VPN application is using the [VPN service](http://developer.android.com/reference/android/net/VpnService.html),
|
||||||
|
then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service.
|
||||||
|
|
||||||
|
<a name="FAQ3"></a>
|
||||||
|
**(3) Can I use NetGuard on any Android version?**
|
||||||
|
|
||||||
|
No, the minimum required Android version is 5.0 (Lollipop) because NetGuard uses the [addDisallowedApplication](http://developer.android.com/reference/android/net/VpnService.Builder.html#addDisallowedApplication(java.lang.String))
|
||||||
|
method.
|
||||||
|
|
||||||
|
<a name="FAQ4"></a>
|
||||||
|
**(4) Will NetGuard use extra battery power?**
|
||||||
|
|
||||||
|
No, unlike most of the similar closed source alternatives.
|
||||||
|
|
||||||
|
<a name="FAQ5"></a>
|
||||||
|
**(5) Can you add selective allowing/blocking applications/IP addresses?**
|
||||||
|
|
||||||
|
Unfortunately, this is not possible without using significant battery power
|
||||||
|
and adding complex code to do network translation from OSI layer 3 to layer 4
|
||||||
|
(and thus implementing a TCP/IP stack), which will inevitably introduce bugs as well.
|
||||||
|
This is how most (perhaps all) other no-root firewalls work.
|
||||||
|
NetGuard is unique, because it doesn't implement a TCP/IP stack, and is therefore both highly efficient and simple.
|
||||||
|
|
||||||
|
For more advanced use cases, rooting your device and using an iptables based firewall,
|
||||||
|
like [AFWall+](https://github.com/ukanth/afwall), might be a better option and will not sacrifice any battery power.
|
||||||
|
|
||||||
|
<a name="FAQ6"></a>
|
||||||
|
**(6) Will NetGuard send my internet traffic to an external (VPN) server?**
|
||||||
|
|
||||||
|
No. It cannot even do this because NetGuard does not even have *internet* permission.
|
||||||
|
|
||||||
|
<a name="FAQ7"></a>
|
||||||
|
**(7) Why are applications without internet permission shown?**
|
||||||
|
|
||||||
|
Internet permission can be granted with each application update without user consent.
|
||||||
|
By showing all applications, NetGuard allows you to block internet access *before* such an update occurs.
|
||||||
|
|
||||||
|
<a name="FAQ8"></a>
|
||||||
|
**(8) What do I need to enable for the Google Play Store to work?**
|
||||||
|
|
||||||
|
You need 3 packages (applications) enabled (use search in NetGuard to find them quickly):
|
||||||
|
|
||||||
|
* com.android.vending
|
||||||
|
* com.google.android.gms
|
||||||
|
* com.android.providers.downloads
|
||||||
|
|
||||||
|
Since the Google Play Store has a tendency to check for updates or even download them all by itself (even if no account is associated),
|
||||||
|
one can keep it in check by enabling "*Allow when device in use*" for all 3 of these packages.
|
||||||
|
Click on the down arrow on the left side of an application name and check that option,
|
||||||
|
but leave the network icons set to red (hence blocked).The little human icon will appear for those packages.
|
||||||
|
By doing this, you can still open the Google Play Store and update/install/uninstall applications since it will have internet access,
|
||||||
|
but once you close it, it will not use any bandwidth.
|
||||||
|
|
||||||
|
<a name="FAQ9"></a>
|
||||||
|
**(9) Why is the VPN service being restart?**
|
||||||
|
|
||||||
|
The VPN service will be restarted when you turn the screen on or off and when connectivity changes (Wi-Fi, mobile)
|
||||||
|
to apply the rules with the conditions '*Allow when screen is on*' and '*Block when roaming*'.
|
||||||
|
|
||||||
|
<a name="FAQ10"></a>
|
||||||
|
**(10) Will you provide a Tasker plug-in?**
|
||||||
|
|
||||||
|
If disabling NetGuard is allowed to Tasker, any application can disabled NetGuard too.
|
||||||
|
Allowing to disable a security application from other applications is not a good idea.
|
||||||
|
|
||||||
|
<a name="FAQ12"></a>
|
||||||
|
**(12) Can you add on demand asking to block/allow access?**
|
||||||
|
|
||||||
|
Besides that this requires questionable Android permissions,
|
||||||
|
it is not possible to implement this, given the way NetGuard works.
|
||||||
|
For more details, see [question 5](#FAQ5).
|
||||||
|
|
||||||
|
<a name="FAQ13"></a>
|
||||||
|
**(13) How can I remove the ongoing NetGuard entry in the notification screen?**
|
||||||
|
|
||||||
|
* Long click the NetGuard notification
|
||||||
|
* Tap the 'i' icon
|
||||||
|
* Depending on your device and/or ROMs manufacturer software customisations, you can be directed to either:
|
||||||
|
* the **App Info** screen and you can uncheck '*Show notifications*' and agree to the next dialog
|
||||||
|
* the **App Notifications** screen and you can toggle the '*Block*' slider to on
|
||||||
|
|
||||||
|
Note that, whether or not you get a dialog warning to agree upon, this operation will disable any warning notifications from NetGuard as well.
|
||||||
|
|
||||||
|
<a name="FAQ14"></a>
|
||||||
|
**(14) Why can't I select OK to approve the VPN connection request?**
|
||||||
|
|
||||||
|
There might be another application on top of the VPN connection request dialog.
|
||||||
|
Some known (screen dimming) applications which can cause this are Lux Brightness, Night Mode, and Twilight.
|
||||||
|
To avoid this problem, at least temporary, close all applications and/or services which may be running in the background.
|
||||||
|
|
||||||
|
<a name="FAQ15"></a>
|
||||||
|
**(15) Why don't you support F-Droid?**
|
||||||
|
|
||||||
|
Because F-Droid doesn't support reproducible builds.
|
||||||
|
Read [here](https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise) why this is important.
|
||||||
|
|
||||||
|
<a name="FAQ16"></a>
|
||||||
|
**(16) Why are some applications shown dimmed?**
|
||||||
|
|
||||||
|
Disabled applications and applications without internet permission are shown dimmed.
|
||||||
|
|
||||||
|
<a name="FAQ17"></a>
|
||||||
|
**(17) Why is NetGuard using so much memory?**
|
||||||
|
|
||||||
|
It isn't, NetGuard doesn't allocate any memory, except a little for displaying the user interface elements.
|
||||||
|
It appeared that on some Android variants the Play store connection, using almost 150 MB and needed for in-app donations,
|
||||||
|
is incorrectly attributed to NetGuard instead to the Play store.
|
||||||
|
|
||||||
|
<a name="FAQ18"></a>
|
||||||
|
**(18) Why can I not find NetGuard in the Play store?**
|
||||||
|
|
||||||
|
NetGuard requires at least Android 5.0, so it is not available in the Play store for devices running older Android versions.
|
||||||
|
|
||||||
|
Some devices have an Android variant with a bug in the services NetGuard requires.
|
||||||
|
These devices are black listed for the Play store. See also about [compatibility](#compatibility).
|
||||||
|
|
||||||
|
<a name="FAQ19"></a>
|
||||||
|
**(19) Why does aplication xyz still have internet access?**
|
||||||
|
|
||||||
|
If you block internet access for an application, there is no way around it.
|
||||||
|
However, applications could access the internet through other applications, like Google Play services.
|
||||||
|
You can prevent this by blocking internet access for the other application as well.
|
||||||
|
|
||||||
|
<a name="FAQ20"></a>
|
||||||
|
**(20) Can I Greenify NetGuard?**
|
||||||
|
|
||||||
|
No. [Greenifying](https://play.google.com/store/apps/details?id=com.oasisfeng.greenify)
|
||||||
|
or otherwise hibernating NetGuard will result in rules not being applied
|
||||||
|
when connectivity changes from Wi-Fi/mobile, screen on/off and roaming/not roaming.
|
91
README.md
91
README.md
|
@ -79,150 +79,97 @@ Frequently Asked Questions (FAQ)
|
||||||
<a name="FAQ1"></a>
|
<a name="FAQ1"></a>
|
||||||
**(1) Can NetGuard completely protect my privacy?**
|
**(1) Can NetGuard completely protect my privacy?**
|
||||||
|
|
||||||
No - nothing can completely protect your privacy.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ1).
|
||||||
NetGuard will do its best, but it is limited by the fact it must use the VPN service.
|
|
||||||
This is the trade-off required to make a firewall which does not require root access.
|
|
||||||
The firewall can only start when Android "allows" it to start,
|
|
||||||
so it will not offer protection during early boot-up (although your network may not be loaded at that time).
|
|
||||||
It will, however, be much better than nothing, especially if you are not rebooting often.
|
|
||||||
|
|
||||||
If you want to protect yourself more, you can (at least in theory) disable Wi-Fi and mobile data before rebooting,
|
|
||||||
and only enable them on reboot, after the firewall service has started (and the small key icon is visible in the status bar).
|
|
||||||
|
|
||||||
Thanks @[pulser](https://github.com/pulser/)
|
|
||||||
|
|
||||||
<a name="FAQ2"></a>
|
<a name="FAQ2"></a>
|
||||||
**(2) Can I use VPN applications while using NetGuard?**
|
**(2) Can I use VPN applications while using NetGuard?**
|
||||||
|
|
||||||
If the VPN application is using the [VPN service](http://developer.android.com/reference/android/net/VpnService.html),
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ2).
|
||||||
then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service.
|
|
||||||
|
|
||||||
<a name="FAQ3"></a>
|
<a name="FAQ3"></a>
|
||||||
**(3) Can I use NetGuard on any Android version?**
|
**(3) Can I use NetGuard on any Android version?**
|
||||||
|
|
||||||
No, the minimum required Android version is 5.0 (Lollipop) because NetGuard uses the [addDisallowedApplication](http://developer.android.com/reference/android/net/VpnService.Builder.html#addDisallowedApplication(java.lang.String))
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ3).
|
||||||
method.
|
|
||||||
|
|
||||||
<a name="FAQ4"></a>
|
<a name="FAQ4"></a>
|
||||||
**(4) Will NetGuard use extra battery power?**
|
**(4) Will NetGuard use extra battery power?**
|
||||||
|
|
||||||
No, unlike most of the similar closed source alternatives.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ4).
|
||||||
|
|
||||||
<a name="FAQ5"></a>
|
<a name="FAQ5"></a>
|
||||||
**(5) Can you add selective allowing/blocking applications/IP addresses?**
|
**(5) Can you add selective allowing/blocking applications/IP addresses?**
|
||||||
|
|
||||||
Unfortunately, this is not possible without using significant battery power
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ5).
|
||||||
and adding complex code to do network translation from OSI layer 3 to layer 4
|
|
||||||
(and thus implementing a TCP/IP stack), which will inevitably introduce bugs as well.
|
|
||||||
This is how most (perhaps all) other no-root firewalls work.
|
|
||||||
NetGuard is unique, because it doesn't implement a TCP/IP stack, and is therefore both highly efficient and simple.
|
|
||||||
|
|
||||||
For more advanced use cases, rooting your device and using an iptables based firewall,
|
|
||||||
like [AFWall+](https://github.com/ukanth/afwall), might be a better option and will not sacrifice any battery power.
|
|
||||||
|
|
||||||
<a name="FAQ6"></a>
|
<a name="FAQ6"></a>
|
||||||
**(6) Will NetGuard send my internet traffic to an external (VPN) server?**
|
**(6) Will NetGuard send my internet traffic to an external (VPN) server?**
|
||||||
|
|
||||||
No. It cannot even do this because NetGuard does not even have *internet* permission.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ6).
|
||||||
|
|
||||||
<a name="FAQ7"></a>
|
<a name="FAQ7"></a>
|
||||||
**(7) Why are applications without internet permission shown?**
|
**(7) Why are applications without internet permission shown?**
|
||||||
|
|
||||||
Internet permission can be granted with each application update without user consent.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ7).
|
||||||
By showing all applications, NetGuard allows you to block internet access *before* such an update occurs.
|
|
||||||
|
|
||||||
<a name="FAQ8"></a>
|
<a name="FAQ8"></a>
|
||||||
**(8) What do I need to enable for the Google Play Store to work?**
|
**(8) What do I need to enable for the Google Play Store to work?**
|
||||||
|
|
||||||
You need 3 packages (applications) enabled (use search in NetGuard to find them quickly):
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ8).
|
||||||
|
|
||||||
* com.android.vending
|
|
||||||
* com.google.android.gms
|
|
||||||
* com.android.providers.downloads
|
|
||||||
|
|
||||||
Since the Google Play Store has a tendency to check for updates or even download them all by itself (even if no account is associated),
|
|
||||||
one can keep it in check by enabling "*Allow when device in use*" for all 3 of these packages.
|
|
||||||
Click on the down arrow on the left side of an application name and check that option,
|
|
||||||
but leave the network icons set to red (hence blocked).The little human icon will appear for those packages.
|
|
||||||
By doing this, you can still open the Google Play Store and update/install/uninstall applications since it will have internet access,
|
|
||||||
but once you close it, it will not use any bandwidth.
|
|
||||||
|
|
||||||
<a name="FAQ9"></a>
|
<a name="FAQ9"></a>
|
||||||
**(9) Why is the VPN service being restart?**
|
**(9) Why is the VPN service being restart?**
|
||||||
|
|
||||||
The VPN service will be restarted when you turn the screen on or off and when connectivity changes (Wi-Fi, mobile)
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ9).
|
||||||
to apply the rules with the conditions '*Allow when screen is on*' and '*Block when roaming*'.
|
|
||||||
|
|
||||||
<a name="FAQ10"></a>
|
<a name="FAQ10"></a>
|
||||||
**(10) Will you provide a Tasker plug-in?**
|
**(10) Will you provide a Tasker plug-in?**
|
||||||
|
|
||||||
If disabling NetGuard is allowed to Tasker, any application can disabled NetGuard too.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ10).
|
||||||
Allowing to disable a security application from other applications is not a good idea.
|
|
||||||
|
|
||||||
<a name="FAQ12"></a>
|
<a name="FAQ12"></a>
|
||||||
**(12) Can you add on demand asking to block/allow access?**
|
**(12) Can you add on demand asking to block/allow access?**
|
||||||
|
|
||||||
Besides that this requires questionable Android permissions,
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ12).
|
||||||
it is not possible to implement this, given the way NetGuard works.
|
|
||||||
For more details, see [question 5](#FAQ5).
|
|
||||||
|
|
||||||
<a name="FAQ13"></a>
|
<a name="FAQ13"></a>
|
||||||
**(13) How can I remove the ongoing NetGuard entry in the notification screen?**
|
**(13) How can I remove the ongoing NetGuard entry in the notification screen?**
|
||||||
|
|
||||||
* Long click the NetGuard notification
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ13).
|
||||||
* Tap the 'i' icon
|
|
||||||
* Depending on your device and/or ROMs manufacturer software customisations, you can be directed to either:
|
|
||||||
* the **App Info** screen and you can uncheck '*Show notifications*' and agree to the next dialog
|
|
||||||
* the **App Notifications** screen and you can toggle the '*Block*' slider to on
|
|
||||||
|
|
||||||
Note that, whether or not you get a dialog warning to agree upon, this operation will disable any warning notifications from NetGuard as well.
|
|
||||||
|
|
||||||
<a name="FAQ14"></a>
|
<a name="FAQ14"></a>
|
||||||
**(14) Why can't I select OK to approve the VPN connection request?**
|
**(14) Why can't I select OK to approve the VPN connection request?**
|
||||||
|
|
||||||
There might be another application on top of the VPN connection request dialog.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ14).
|
||||||
Some known (screen dimming) applications which can cause this are Lux Brightness, Night Mode, and Twilight.
|
|
||||||
To avoid this problem, at least temporary, close all applications and/or services which may be running in the background.
|
|
||||||
|
|
||||||
<a name="FAQ15"></a>
|
<a name="FAQ15"></a>
|
||||||
**(15) Why don't you support F-Droid?**
|
**(15) Why don't you support F-Droid?**
|
||||||
|
|
||||||
Because F-Droid doesn't support reproducible builds.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ15).
|
||||||
Read [here](https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise) why this is important.
|
|
||||||
|
|
||||||
<a name="FAQ16"></a>
|
<a name="FAQ16"></a>
|
||||||
**(16) Why are some applications shown dimmed?**
|
**(16) Why are some applications shown dimmed?**
|
||||||
|
|
||||||
Disabled applications and applications without internet permission are shown dimmed.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ16).
|
||||||
|
|
||||||
<a name="FAQ17"></a>
|
<a name="FAQ17"></a>
|
||||||
**(17) Why is NetGuard using so much memory?**
|
**(17) Why is NetGuard using so much memory?**
|
||||||
|
|
||||||
It isn't, NetGuard doesn't allocate any memory, except a little for displaying the user interface elements.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ17).
|
||||||
It appeared that on some Android variants the Play store connection, using almost 150 MB and needed for in-app donations,
|
|
||||||
is incorrectly attributed to NetGuard instead to the Play store.
|
|
||||||
|
|
||||||
<a name="FAQ18"></a>
|
<a name="FAQ18"></a>
|
||||||
**(18) Why can I not find NetGuard in the Play store?**
|
**(18) Why can I not find NetGuard in the Play store?**
|
||||||
|
|
||||||
NetGuard requires at least Android 5.0, so it is not available in the Play store for devices running older Android versions.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ18).
|
||||||
|
|
||||||
Some devices have an Android variant with a bug in the services NetGuard requires.
|
|
||||||
These devices are black listed for the Play store. See also about [compatibility](#compatibility).
|
|
||||||
|
|
||||||
<a name="FAQ19"></a>
|
<a name="FAQ19"></a>
|
||||||
**(19) Why does aplication xyz still have internet access?**
|
**(19) Why does aplication xyz still have internet access?**
|
||||||
|
|
||||||
If you block internet access for an application, there is no way around it.
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ19).
|
||||||
However, applications could access the internet through other applications, like Google Play services.
|
|
||||||
You can prevent this by blocking internet access for the other application as well.
|
|
||||||
|
|
||||||
<a name="FAQ20"></a>
|
<a name="FAQ20"></a>
|
||||||
**(20) Can I Greenify NetGuard?**
|
**(20) Can I Greenify NetGuard?**
|
||||||
|
|
||||||
No. [Greenifying](https://play.google.com/store/apps/details?id=com.oasisfeng.greenify)
|
This question has been moved [here](https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ20).
|
||||||
or otherwise hibernating NetGuard will result in rules not being applied
|
|
||||||
when connectivity changes from Wi-Fi/mobile, screen on/off and roaming/not roaming.
|
|
||||||
|
|
||||||
Permissions
|
Permissions
|
||||||
-----------
|
-----------
|
||||||
|
|
Loading…
Reference in New Issue