1
0
Fork 0
mirror of https://github.com/M66B/NetGuard.git synced 2024-12-26 01:38:07 +00:00
NetGuard/README.md
2015-11-16 12:23:40 +01:00

307 lines
13 KiB
Markdown

# NetGuard
*NetGuard* provides a simple way to block access to the internet - no root required.
Applications can individually be allowed or denied access to your Wi-Fi and/or mobile connection.
Blocking access to the internet can help:
* reduce your data usage
* save your battery
* increase your privacy
NetGuard is possibly the first free and open source no-root firewall for Android.
Downloads:
--------
<a href="https://github.com/M66B/NetGuard/releases"><img src="https://assets-cdn.github.com/images/modules/logos_page/GitHub-Logo.png" align="left" height="32" ></a> (stable) <br />
<br />
<a href="https://play.google.com/store/apps/details?id=eu.faircode.netguard"><img src="http://developer.android.com/images/brand/en_generic_rgb_wo_60.png" align="left" height="60" ></a> (stable) <br />
<br />
<a href="https://play.google.com/apps/testing/eu.faircode.netguard"><img src="http://developer.android.com/images/brand/en_generic_rgb_wo_60.png" align="left" height="60" ></a> (beta) <br />
<br />
<a href="https://f-droid.org/repository/browse/?fdid=eu.faircode.netguard"><img src="https://upload.wikimedia.org/wikipedia/commons/thumb/0/0d/Get_it_on_F-Droid.svg/320px-Get_it_on_F-Droid.svg.png" align="left" height="60" ></a> (unsupported, often outdated) <br />
<br />
<a href="https://labs.xda-developers.com/store/app/eu.faircode.netguard"><img src="https://cdn1.xda-developers.com/images/2015/xda-logo.svg" align="left" height="32" ></a> ( [XDA app](http://forum.xda-developers.com/android/apps-games/labs-t3241866) )
Screenshots
--------
<img src="screenshot1.png" width="320" height="569" />
<img src="screenshot2.png" width="320" height="569" />
Features
--------
* No root required
* Simple to use
* Free of charge
* Open source
* No extra battery usage
* No bandwidth reduction
* No calling home
* No tracking or analytics
* No ads
* No internet permission required
* IPv4/IPv6 TCP/UDP supported
* Optionally allow when screen on
* Optionally block when roaming
* Optionally block system applications
* Material design
Most of these features are the result of sending selected traffic to a sinkhole, instead of filtering all internet traffic.
This means that advanced features, like address based filtering (needed for ad blocking), traffic logging, and on-demand configuration, are not possible.
Routing selected traffic into a sinkhole relies on an API introduced in Android 5.0 (Lollipop),
therefore older Android versions unfortunately cannot be supported.
Usage
-----
* Enable the firewall using the switch in the action bar
* Allow/deny Wi-Fi/mobile internet access using the icons along the right side of the application list
Permissions
-----------
* ACCESS_NETWORK_STATE: to check if the device is connected to the internet through Wi-Fi
* RECEIVE_BOOT_COMPLETED: to start the firewall when booting the device
* WAKE_LOCK: to reliably reload rules in the background on connectivity changes
* com.android.vending.BILLING: to accept donations via in-app billing
Compatibility
-------------
Devices / ROMs with a broken VPN implementation:
* Asus™ ZenFone 2 / Android 5.0.2/5.1.1, [reported on XDA](http://forum.xda-developers.com/showpost.php?p=63619542&postcount=121) (all traffic blocked)
* Asus™ ZenFone 4 / Android 5.0, (reported in the Play store) (all traffic blocked)
* BQ™ Aquaris M5 / Android 5.0 (reported in the Play store) (all traffic blocked)
* Lenovo™ Yoga Tablet Pro-1380L / Yoga Tablet 2 Pro / Android 5.0.1, [reported on XDA](http://forum.xda-developers.com/showpost.php?p=63784102&postcount=278) (all traffic blocked)
* Samsung™ Galaxy A5 / Android 5.0.2, [reported on Github](https://github.com/M66B/NetGuard/issues/20) (all traffic blocked)
* Sony™ Xperia™ M4 Aqua Dual / Android 5.0 (reported in the Play store) (all traffic blocked)
Unfortunately this cannot be worked around.
NetGuard will crash when the package *com.android.vpndialogs* has been removed or otherwise is unavailable.
Unfortunately this cannot be worked around.
Tethering will not work when NetGuard is enabled due to a bug in Android ([issue](https://github.com/M66B/NetGuard/issues/42)).
Unfortunately this cannot be worked around.
[Greenifying](https://play.google.com/store/apps/details?id=com.oasisfeng.greenify) NetGuard will result in rules not being applied
when connectivity changes from Wi-Fi/mobile, screen on/off, and roaming/not roaming.
Frequently Asked Questions (FAQ)
--------------------------------
<a name="FAQ1"></a>
**(1) Can NetGuard completely protect my privacy?**
No - nothing can completely protect your privacy.
NetGuard will do its best, but it is limited by the fact it must use the VPN service.
This is the trade-off required to make a firewall which does not require root access.
The firewall can only start when Android "allows" it to start,
so it will not offer protection during early boot-up (although your network may not be loaded at that time).
It will, however, be much better than nothing, especially if you are not rebooting often.
If you want to protect yourself more, you can (at least in theory) disable Wi-Fi and mobile data before rebooting,
and only enable them on reboot, after the firewall service has started (and the small key icon is visible in the status bar).
Thanks @[pulser](https://github.com/pulser/)
<a name="FAQ2"></a>
**(2) Can I use VPN applications while using NetGuard?**
If the VPN application is using the [VPN service](http://developer.android.com/reference/android/net/VpnService.html),
then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service.
<a name="FAQ3"></a>
**(3) Can I use NetGuard on any Android version?**
No, the minimum required Android version is 5.0 (Lollipop) because NetGuard uses the [addDisallowedApplication](http://developer.android.com/reference/android/net/VpnService.Builder.html#addDisallowedApplication(java.lang.String))
method.
<a name="FAQ4"></a>
**(4) Will NetGuard use extra battery power?**
No, unlike most of the similar closed source alternatives.
<a name="FAQ5"></a>
**(5) Can you add selective allowing/blocking applications/IP addresses?**
Unfortunately, this is not possible without using significant battery power
and adding complex code to do network translation from OSI layer 3 to layer 4
(and thus implementing a TCP/IP stack), which will inevitably introduce bugs as well.
This is how most (perhaps all) other no-root firewalls work.
NetGuard is unique, because it doesn't implement a TCP/IP stack, and is therefore both highly efficient and simple.
For more advanced use cases, rooting your device and using an iptables based firewall,
like [AFWall+](https://github.com/ukanth/afwall), might be a better option and will not sacrifice any battery power.
<a name="FAQ6"></a>
**(6) Will NetGuard send my internet traffic to an external (VPN) server?**
No. It cannot even do this because NetGuard does not even have *internet* permission.
<a name="FAQ7"></a>
**(7) Why are applications without internet permission shown?**
Internet permission can be granted with each application update without user consent.
By showing all applications, NetGuard allows you to block internet access *before* such an update occurs.
<a name="FAQ8"></a>
**(8) What do I need to enable for the Google Play Store to work?**
You need 3 packages (applications) enabled (use search in NetGuard to find them quickly):
* com.android.vending
* com.google.android.gms
* com.android.providers.downloads
Since the Google Play Store has a tendency to check for updates or even download them all by itself (even if no account is associated),
one can keep it in check by enabling "*Allow when device in use*" for all 3 of these packages.
Click on the down arrow on the left side of an application name and check that option,
but leave the network icons set to red (hence blocked).The little human icon will appear for those packages.
By doing this, you can still open the Google Play Store and update/install/uninstall applications since it will have internet access,
but once you close it, it will not use any bandwidth.
<a name="FAQ9"></a>
**(9) Why is the VPN service being restart?**
The VPN service will be restarted when you turn the screen on or off and when connectivity changes (Wi-Fi, mobile)
to apply the rules with the conditions '*Allow when screen is on*' and '*Block when roaming*'.
<a name="FAQ10"></a>
**(10) Will you provide a Tasker plug-in?**
If disabling NetGuard is allowed to Tasker, any application can disabled NetGuard too.
Allowing to disable a security application from other applications is not a good idea.
<a name="FAQ12"></a>
**(12) Can you add on demand asking to block/allow access?**
Besides that this requires questionable Android permissions,
it is not possible to implement this, given the way NetGuard works.
For more details, see [question 5](#FAQ5).
<a name="FAQ13"></a>
**(13) How can I remove the ongoing NetGuard entry in the notification screen?**
* Long click the NetGuard notification
* Tap the 'i' icon
* Depending on your device and/or ROMs manufacturer software customisations, you can be directed to either:
* the **App Info** screen and you can uncheck '*Show notifications*' and agree to the next dialog
* the **App Notifications** screen and you can toggle the '*Block*' slider to on
Note that, whether or not you get a dialog warning to agree upon, this operation will disable any warning notifications from NetGuard as well.
<a name="FAQ14"></a>
**(14) Why can't I select OK to approve the VPN connection request?**
Please read [here](https://community.f-secure.com/t5/F-Secure/Android-Lollipop-Cannot-select/td-p/64502).
<a name="FAQ15"></a>
**(15) Why don't you support F-Droid?**
Because F-Droid doesn't support reproducible builds.
Read [here](https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise) why this is important.
<a name="FAQ16"></a>
**(16) Why are some applications shown dimmed?**
Disabled applications and applications without internet permission are shown dimmed.
<a name="FAQ17"></a>
**(17) Why is NetGuard using so much memory?**
It isn't, NetGuard doesn't allocate any memory, except a little for displaying the user interface elements.
It appeared that on some Android variants the Play store connection, using almost 150 MB and needed for in-app donations,
is incorrectly attributed to NetGuard instead to the Play store.
<a name="FAQ18"></a>
**(18) Why can I not find NetGuard in the Play store?**
NetGuard requires at least Android 5.0, so it is not available in the Play store for devices running older Android versions.
Some devices have an Android variant with a bug in the services NetGuard requires.
These devices are black listed for the Play store. See also about [compatibility](#compatibility).
<a name="FAQ19"></a>
**(19) Why does aplication xyz still have internet access?**
If you block internet access for an application, there is no way around it.
However, applications could access the internet through other applications, like Google Play services.
You can prevent this by blocking internet access for the other application as well.
Support
-------
* Questions: please [use this XDA-Developers forum thread](http://forum.xda-developers.com/showthread.php?t=3233012)
* Feature requests and bugs: please [create an issue on GitHub](https://github.com/M66B/NetGuard/issues/new)
Please do not use GitHub for questions.
Contributing
------------
Translations:
* Translations to other languages are welcomed
* Check if the language [is supported by Android](http://stackoverflow.com/questions/7973023/what-is-the-list-of-supported-languages-locales-on-android) and find its locale
* Copy [this file](https://github.com/M66B/NetGuard/blob/master/app/src/main/res/values/strings.xml) to the [correct locale folder](https://github.com/M66B/NetGuard/blob/master/app/src/main/res/)
* Translate the strings in the copied file and omit all lines with **translatable="false"**
* Create a [pull request on GitHub](https://help.github.com/articles/using-pull-requests) for the new/updated translation
* If you don't feel comfortable using GitHub, you can sent the translation to *marcel(plus)netguard(at)faircode.eu*
Current translations:
1. Arabic (ar)
1. Dutch (nl)
1. Simplified Chinese (zh-rCN)
1. English
1. French (fr)
1. German (de)
1. Italian (it)
1. Japanese (ja)
1. Korean (ko)
1. Polish (pl)
1. Romanian (ro)
1. Russian (ru)
1. Slovak (sk)
1. Spanish (es)
1. Ukrainian (uk)
Please note that you agree to the license below by contributing, including the copyright.
Attribution
-----------
NetGuard uses:
* [Picasso](http://square.github.io/picasso/)
* [Android Support Library](https://developer.android.com/tools/support-library/index.html)
License
-------
[GNU General Public License version 3](http://www.gnu.org/licenses/gpl.txt)
Copyright (c) 2015 Marcel Bokhorst ([M66B](http://forum.xda-developers.com/member.php?u=2799345))
All rights reserved
This file is part of NetGuard.
NetGuard is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your discretion) any later version.
NetGuard is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with NetGuard. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/).