mirror of
https://github.com/M66B/NetGuard.git
synced 2024-12-26 01:38:07 +00:00
307 lines
13 KiB
Markdown
307 lines
13 KiB
Markdown
# NetGuard
|
|
|
|
*NetGuard* provides a simple way to block access to the internet - no root required.
|
|
Applications can individually be allowed or denied access to your Wi-Fi and/or mobile connection.
|
|
|
|
Blocking access to the internet can help:
|
|
|
|
* reduce your data usage
|
|
* save your battery
|
|
* increase your privacy
|
|
|
|
NetGuard is possibly the first free and open source no-root firewall for Android.
|
|
|
|
Downloads:
|
|
--------
|
|
|
|
<a href="https://github.com/M66B/NetGuard/releases"><img src="https://assets-cdn.github.com/images/modules/logos_page/GitHub-Logo.png" align="left" height="32" ></a> (stable) <br />
|
|
<br />
|
|
<a href="https://play.google.com/store/apps/details?id=eu.faircode.netguard"><img src="http://developer.android.com/images/brand/en_generic_rgb_wo_60.png" align="left" height="60" ></a> (stable) <br />
|
|
<br />
|
|
<a href="https://play.google.com/apps/testing/eu.faircode.netguard"><img src="http://developer.android.com/images/brand/en_generic_rgb_wo_60.png" align="left" height="60" ></a> (beta) <br />
|
|
<br />
|
|
<a href="https://f-droid.org/repository/browse/?fdid=eu.faircode.netguard"><img src="https://upload.wikimedia.org/wikipedia/commons/thumb/0/0d/Get_it_on_F-Droid.svg/320px-Get_it_on_F-Droid.svg.png" align="left" height="60" ></a> (unsupported, often outdated) <br />
|
|
<br />
|
|
<a href="https://labs.xda-developers.com/store/app/eu.faircode.netguard"><img src="https://cdn1.xda-developers.com/images/2015/xda-logo.svg" align="left" height="32" ></a> ( [XDA app](http://forum.xda-developers.com/android/apps-games/labs-t3241866) )
|
|
|
|
Screenshots
|
|
--------
|
|
|
|
<img src="screenshot1.png" width="320" height="569" />
|
|
|
|
<img src="screenshot2.png" width="320" height="569" />
|
|
|
|
Features
|
|
--------
|
|
|
|
* No root required
|
|
* Simple to use
|
|
* Free of charge
|
|
* Open source
|
|
* No extra battery usage
|
|
* No bandwidth reduction
|
|
* No calling home
|
|
* No tracking or analytics
|
|
* No ads
|
|
* No internet permission required
|
|
* IPv4/IPv6 TCP/UDP supported
|
|
* Optionally allow when screen on
|
|
* Optionally block when roaming
|
|
* Optionally block system applications
|
|
* Material design
|
|
|
|
Most of these features are the result of sending selected traffic to a sinkhole, instead of filtering all internet traffic.
|
|
This means that advanced features, like address based filtering (needed for ad blocking), traffic logging, and on-demand configuration, are not possible.
|
|
Routing selected traffic into a sinkhole relies on an API introduced in Android 5.0 (Lollipop),
|
|
therefore older Android versions unfortunately cannot be supported.
|
|
|
|
Usage
|
|
-----
|
|
|
|
* Enable the firewall using the switch in the action bar
|
|
* Allow/deny Wi-Fi/mobile internet access using the icons along the right side of the application list
|
|
|
|
Permissions
|
|
-----------
|
|
|
|
* ACCESS_NETWORK_STATE: to check if the device is connected to the internet through Wi-Fi
|
|
* RECEIVE_BOOT_COMPLETED: to start the firewall when booting the device
|
|
* WAKE_LOCK: to reliably reload rules in the background on connectivity changes
|
|
* com.android.vending.BILLING: to accept donations via in-app billing
|
|
|
|
Compatibility
|
|
-------------
|
|
|
|
Devices / ROMs with a broken VPN implementation:
|
|
|
|
* Asus™ ZenFone 2 / Android 5.0.2/5.1.1, [reported on XDA](http://forum.xda-developers.com/showpost.php?p=63619542&postcount=121) (all traffic blocked)
|
|
* Asus™ ZenFone 4 / Android 5.0, (reported in the Play store) (all traffic blocked)
|
|
* BQ™ Aquaris M5 / Android 5.0 (reported in the Play store) (all traffic blocked)
|
|
* Lenovo™ Yoga Tablet Pro-1380L / Yoga Tablet 2 Pro / Android 5.0.1, [reported on XDA](http://forum.xda-developers.com/showpost.php?p=63784102&postcount=278) (all traffic blocked)
|
|
* Samsung™ Galaxy A5 / Android 5.0.2, [reported on Github](https://github.com/M66B/NetGuard/issues/20) (all traffic blocked)
|
|
* Sony™ Xperia™ M4 Aqua Dual / Android 5.0 (reported in the Play store) (all traffic blocked)
|
|
|
|
Unfortunately this cannot be worked around.
|
|
|
|
NetGuard will crash when the package *com.android.vpndialogs* has been removed or otherwise is unavailable.
|
|
Unfortunately this cannot be worked around.
|
|
|
|
Tethering will not work when NetGuard is enabled due to a bug in Android ([issue](https://github.com/M66B/NetGuard/issues/42)).
|
|
Unfortunately this cannot be worked around.
|
|
|
|
[Greenifying](https://play.google.com/store/apps/details?id=com.oasisfeng.greenify) NetGuard will result in rules not being applied
|
|
when connectivity changes from Wi-Fi/mobile, screen on/off, and roaming/not roaming.
|
|
|
|
Frequently Asked Questions (FAQ)
|
|
--------------------------------
|
|
|
|
<a name="FAQ1"></a>
|
|
**(1) Can NetGuard completely protect my privacy?**
|
|
|
|
No - nothing can completely protect your privacy.
|
|
NetGuard will do its best, but it is limited by the fact it must use the VPN service.
|
|
This is the trade-off required to make a firewall which does not require root access.
|
|
The firewall can only start when Android "allows" it to start,
|
|
so it will not offer protection during early boot-up (although your network may not be loaded at that time).
|
|
It will, however, be much better than nothing, especially if you are not rebooting often.
|
|
|
|
If you want to protect yourself more, you can (at least in theory) disable Wi-Fi and mobile data before rebooting,
|
|
and only enable them on reboot, after the firewall service has started (and the small key icon is visible in the status bar).
|
|
|
|
Thanks @[pulser](https://github.com/pulser/)
|
|
|
|
<a name="FAQ2"></a>
|
|
**(2) Can I use VPN applications while using NetGuard?**
|
|
|
|
If the VPN application is using the [VPN service](http://developer.android.com/reference/android/net/VpnService.html),
|
|
then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service.
|
|
|
|
<a name="FAQ3"></a>
|
|
**(3) Can I use NetGuard on any Android version?**
|
|
|
|
No, the minimum required Android version is 5.0 (Lollipop) because NetGuard uses the [addDisallowedApplication](http://developer.android.com/reference/android/net/VpnService.Builder.html#addDisallowedApplication(java.lang.String))
|
|
method.
|
|
|
|
<a name="FAQ4"></a>
|
|
**(4) Will NetGuard use extra battery power?**
|
|
|
|
No, unlike most of the similar closed source alternatives.
|
|
|
|
<a name="FAQ5"></a>
|
|
**(5) Can you add selective allowing/blocking applications/IP addresses?**
|
|
|
|
Unfortunately, this is not possible without using significant battery power
|
|
and adding complex code to do network translation from OSI layer 3 to layer 4
|
|
(and thus implementing a TCP/IP stack), which will inevitably introduce bugs as well.
|
|
This is how most (perhaps all) other no-root firewalls work.
|
|
NetGuard is unique, because it doesn't implement a TCP/IP stack, and is therefore both highly efficient and simple.
|
|
|
|
For more advanced use cases, rooting your device and using an iptables based firewall,
|
|
like [AFWall+](https://github.com/ukanth/afwall), might be a better option and will not sacrifice any battery power.
|
|
|
|
<a name="FAQ6"></a>
|
|
**(6) Will NetGuard send my internet traffic to an external (VPN) server?**
|
|
|
|
No. It cannot even do this because NetGuard does not even have *internet* permission.
|
|
|
|
<a name="FAQ7"></a>
|
|
**(7) Why are applications without internet permission shown?**
|
|
|
|
Internet permission can be granted with each application update without user consent.
|
|
By showing all applications, NetGuard allows you to block internet access *before* such an update occurs.
|
|
|
|
<a name="FAQ8"></a>
|
|
**(8) What do I need to enable for the Google Play Store to work?**
|
|
|
|
You need 3 packages (applications) enabled (use search in NetGuard to find them quickly):
|
|
|
|
* com.android.vending
|
|
* com.google.android.gms
|
|
* com.android.providers.downloads
|
|
|
|
Since the Google Play Store has a tendency to check for updates or even download them all by itself (even if no account is associated),
|
|
one can keep it in check by enabling "*Allow when device in use*" for all 3 of these packages.
|
|
Click on the down arrow on the left side of an application name and check that option,
|
|
but leave the network icons set to red (hence blocked).The little human icon will appear for those packages.
|
|
By doing this, you can still open the Google Play Store and update/install/uninstall applications since it will have internet access,
|
|
but once you close it, it will not use any bandwidth.
|
|
|
|
<a name="FAQ9"></a>
|
|
**(9) Why is the VPN service being restart?**
|
|
|
|
The VPN service will be restarted when you turn the screen on or off and when connectivity changes (Wi-Fi, mobile)
|
|
to apply the rules with the conditions '*Allow when screen is on*' and '*Block when roaming*'.
|
|
|
|
<a name="FAQ10"></a>
|
|
**(10) Will you provide a Tasker plug-in?**
|
|
|
|
If disabling NetGuard is allowed to Tasker, any application can disabled NetGuard too.
|
|
Allowing to disable a security application from other applications is not a good idea.
|
|
|
|
<a name="FAQ12"></a>
|
|
**(12) Can you add on demand asking to block/allow access?**
|
|
|
|
Besides that this requires questionable Android permissions,
|
|
it is not possible to implement this, given the way NetGuard works.
|
|
For more details, see [question 5](#FAQ5).
|
|
|
|
<a name="FAQ13"></a>
|
|
**(13) How can I remove the ongoing NetGuard entry in the notification screen?**
|
|
|
|
* Long click the NetGuard notification
|
|
* Tap the 'i' icon
|
|
* Depending on your device and/or ROMs manufacturer software customisations, you can be directed to either:
|
|
* the **App Info** screen and you can uncheck '*Show notifications*' and agree to the next dialog
|
|
* the **App Notifications** screen and you can toggle the '*Block*' slider to on
|
|
|
|
Note that, whether or not you get a dialog warning to agree upon, this operation will disable any warning notifications from NetGuard as well.
|
|
|
|
<a name="FAQ14"></a>
|
|
**(14) Why can't I select OK to approve the VPN connection request?**
|
|
|
|
Please read [here](https://community.f-secure.com/t5/F-Secure/Android-Lollipop-Cannot-select/td-p/64502).
|
|
|
|
<a name="FAQ15"></a>
|
|
**(15) Why don't you support F-Droid?**
|
|
|
|
Because F-Droid doesn't support reproducible builds.
|
|
Read [here](https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise) why this is important.
|
|
|
|
<a name="FAQ16"></a>
|
|
**(16) Why are some applications shown dimmed?**
|
|
|
|
Disabled applications and applications without internet permission are shown dimmed.
|
|
|
|
<a name="FAQ17"></a>
|
|
**(17) Why is NetGuard using so much memory?**
|
|
|
|
It isn't, NetGuard doesn't allocate any memory, except a little for displaying the user interface elements.
|
|
It appeared that on some Android variants the Play store connection, using almost 150 MB and needed for in-app donations,
|
|
is incorrectly attributed to NetGuard instead to the Play store.
|
|
|
|
<a name="FAQ18"></a>
|
|
**(18) Why can I not find NetGuard in the Play store?**
|
|
|
|
NetGuard requires at least Android 5.0, so it is not available in the Play store for devices running older Android versions.
|
|
|
|
Some devices have an Android variant with a bug in the services NetGuard requires.
|
|
These devices are black listed for the Play store. See also about [compatibility](#compatibility).
|
|
|
|
<a name="FAQ19"></a>
|
|
**(19) Why does aplication xyz still have internet access?**
|
|
|
|
If you block internet access for an application, there is no way around it.
|
|
However, applications could access the internet through other applications, like Google Play services.
|
|
You can prevent this by blocking internet access for the other application as well.
|
|
|
|
Support
|
|
-------
|
|
|
|
* Questions: please [use this XDA-Developers forum thread](http://forum.xda-developers.com/showthread.php?t=3233012)
|
|
* Feature requests and bugs: please [create an issue on GitHub](https://github.com/M66B/NetGuard/issues/new)
|
|
|
|
Please do not use GitHub for questions.
|
|
|
|
Contributing
|
|
------------
|
|
|
|
Translations:
|
|
|
|
* Translations to other languages are welcomed
|
|
* Check if the language [is supported by Android](http://stackoverflow.com/questions/7973023/what-is-the-list-of-supported-languages-locales-on-android) and find its locale
|
|
* Copy [this file](https://github.com/M66B/NetGuard/blob/master/app/src/main/res/values/strings.xml) to the [correct locale folder](https://github.com/M66B/NetGuard/blob/master/app/src/main/res/)
|
|
* Translate the strings in the copied file and omit all lines with **translatable="false"**
|
|
* Create a [pull request on GitHub](https://help.github.com/articles/using-pull-requests) for the new/updated translation
|
|
* If you don't feel comfortable using GitHub, you can sent the translation to *marcel(plus)netguard(at)faircode.eu*
|
|
|
|
Current translations:
|
|
|
|
1. Arabic (ar)
|
|
1. Dutch (nl)
|
|
1. Simplified Chinese (zh-rCN)
|
|
1. English
|
|
1. French (fr)
|
|
1. German (de)
|
|
1. Italian (it)
|
|
1. Japanese (ja)
|
|
1. Korean (ko)
|
|
1. Polish (pl)
|
|
1. Romanian (ro)
|
|
1. Russian (ru)
|
|
1. Slovak (sk)
|
|
1. Spanish (es)
|
|
1. Ukrainian (uk)
|
|
|
|
Please note that you agree to the license below by contributing, including the copyright.
|
|
|
|
Attribution
|
|
-----------
|
|
|
|
NetGuard uses:
|
|
|
|
* [Picasso](http://square.github.io/picasso/)
|
|
* [Android Support Library](https://developer.android.com/tools/support-library/index.html)
|
|
|
|
License
|
|
-------
|
|
|
|
[GNU General Public License version 3](http://www.gnu.org/licenses/gpl.txt)
|
|
|
|
Copyright (c) 2015 Marcel Bokhorst ([M66B](http://forum.xda-developers.com/member.php?u=2799345))
|
|
|
|
All rights reserved
|
|
|
|
This file is part of NetGuard.
|
|
|
|
NetGuard is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your discretion) any later version.
|
|
|
|
NetGuard is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with NetGuard. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/).
|