[Android, Root Required] Block apps from accessing the Internet with DroidWall

I am one of those people that likes to control what programs on my computer access the Internet. Indeed, I had friends over a couple of weeks ago and one of the comments a friend of mine kept making is “you have your computer locked down so much it hardly works”. When I got my Android phone, it was somewhat of a semi-culture shock with 3 out of 4 apps requesting Internet access privileges and me being powerless to stop them, aside from not installing the apps at all. So imagine my joy when I discovered DroidWall, a firewall for Android phones.

Image Credit: frostnova

What is DroidWall?

On your Windows PC a firewall typically constitutes a program that is running all the time, controlling access to your computer. DroidWall is not like that. On Linux (yes, Android is essentially a Linux distro) the idea of a “firewall” is manipulating Linux’s iptables; that is to say, creating rules in the iptables to block certain programs – or apps, in the case of an Android phone – from accessing the Internet. That is how DroidWall works. It isn’t an always-on-program like the the firewalls you find in Windows. Rather, with DroidWall users select which apps to block (or allow, depending on which mode you are running it in), apply the rules, and you are finished. You only need to run DroidWall whenever you want to change the rules.

Why use DroidWall?

One of the most obvious uses of DroidWall is to prevent apps from unnecessarily using data. Some people, in fact many people now thanks to tiered data plans and soft-caps on “unlimited” plans, have a limit to how much data they can use per month. DroidWall is an easy way to prevent apps from wasting that quota.

Another reason is to block ads: If an app cannot access the Internet, it cannot display ads. However, if you are looking to block ads, you are better off going with AdFree Android because it works a lot better in blocking ads; with DroidWall users won’t be able to block ads from apps that need Internet access to be used.

Lastly, and my personal favorite, is simply to block apps from accessing the Internet. It seems like every app and their grandmother wants “full Internet access”. Most of the time this access is to display ads; but other times it is not. I, for one, use my phone for many personal things. I am not comfortable with giving every app Internet access for no good reason. If an app needs Internet access to function, fine it can have it; if it doesn’t (like many games don’t need Internet access to work properly), then¬† see no reason to give it Internet access. On a similar note, I block apps from Internet access if I don’t agree with what permissions they request. For example, Barcode Scanner is a brilliant barcode scanning app. (I use it mostly for QR codes.) The app requests various different permissions, two of which are accessing my personal information (browser’s history and bookmarks, and my contact data) and Internet. Although the developer explains why the app requests contacts data – and the app is probably non-malicious – I just don’t feel comfortable with it having access to my contacts data nor my browsing history. By blocking Barcode Scanner’s Internet access, I feel reassured that even though it can access my contacts data and browsing history, it cannot do anything with it.

Using DroidWall

DroidWall operates in two modes: “White list” and “Black list”. In White list mode all apps are blocked from accessing the Internet and users must specifically give apps permission to access the Internet:

In Black list mode all apps are allowed to access the Internet and users must specifically block apps from accessing the Internet:

The mode can be changed by tapping on the mode line at the top and selecting what mode you want to be in:

By default DroidWall is in White list mode; users who want Black list mode must manually change it to that. Also note by default DroidWall comes in disabled – users must manually enable DroidWall after installing it:

(Tap the Settings key on your phone to bring up the menu shown in the above screenshot. You will be asked to give DroidWall root access.)

Once you have decided which mode you want – and you have enabled DroidWall – simply check the boxes next to the apps you want to allow/disallow (depending on what mode you are in). As you can see from the above screenshots, you can selectively block access from WiFi or phone data, or both. (Take note that the program shows “3G” for phone data but it should work with 2G/4G data also; however I don’t know for sure.) Once you have marked the apps you want, tap Save rules

…and the rules will be applied.

As I already mentioned, because of the way Linux works, DroidWall need not be running all the time. DroidWall simply changes rules in the iptables as you tell it to and that is that: You never have to run DroidWall again, unless you want to change the rules.

Whenever you want to go back and modify Internet access for apps, simply run DroidWall, change whatever you want to change, and tap Save rules to apply the new rules.

Logging, Rules, and Password Protection

DroidWall can log specific instances when it blocks access to apps, show the explicit rules it creates, and password protect itself so people without the password cannot change the program settings:

(The menu shown in the above screenshot can be access via Settings -> More.)

Take note that logging must first be manually enabled via Settings -> Log disabled.

Conclusion and Download Links

I think I am in love. With DroidWall. I honestly feel this is an absolute must-have program for all Android phones. Highly recommended. I only wish a similar program is created to control other aspects of phones that apps request, like making phone calls and sending SMS.

To grab DroidWall, search the Android Marketplace for “DroidWall”, use your barcode scanner on the QR code found below, or load up this page on your Android phone and click on the following links:

Version reviewed: v1.4.6

Price: $0 – Free

Download size: 268 KB

DroidWall homepage [market link]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

22 comments

  1. Banana Nut Muffins Best Recipes

    I have to show some thanks to the writer just for rescuing me from such a setting. After researching throughout the internet and coming across suggestions which were not beneficial, I was thinking my life was gone. Living without the answers to the difficulties you have fixed all through the short article is a critical case, and those which may have badly affected my entire career if I hadn’t come across the website. Your main know-how and kindness in taking care of the whole thing was very useful. I’m not sure what I would’ve done if I hadn’t come across such a subject like this. It’s possible to now look ahead to my future. Thanks a lot so much for the specialized and result oriented help. I won’t hesitate to recommend your web sites to anybody who wants and needs guidance about this situation.

  2. John

    An important point to add that you haven’t covered, droidwall wall does not block incoming connections which means information on your phone is not safe at all. Granted, any apps you may have installed won’t receive any incoming connections because it would need an outgoing connection to start any kind of data session BUT the phone operating system can in fact receive incoming connections and thus opening a route to your phone. By using ADB terminal you can manually put in the correct command to disable all incoming connections via Droidwall. IPv6 is not filtered at all by droidwall so you should use a kernel that supports the disabling of it. And there is only one kernel available that can do this.

    With regards the above post, Droidwall does not try to access the internet :)

  3. John

    An important point to add that you haven’t covered, droidwall wall does not block incoming connections which means information on your phone is not safe at all. Granted, any apps you may have installed won’t receive any incoming connections because it would need an outgoing connection to start any kind of data session BUT the phone operating system can in fact receive incoming connections and thus opening a route to your phone. By using ADB terminal you can manually put in the correct command to disable all incoming connections via Droidwall. IPv6 is not filtered at all by droidwall so you should use a kernel that supports the disabling of it. And there is only one kernel available that can do this.

    With regards the above post, Droidwall does not try to access the internet. :)

  4. Mike

    I was using DroidWall until very recently. It’s a brilliant app, but I’ve come across one which I think is better. It’s called “LBE Privacy“. Not only does it prevent outgoing network traffic on a per app basis like DroidWall, but it can also prevent apps from accessing various other things such as location, contacts, call logs, the IMEI, phone number and so on. It’s another free root app like DroidWall. Check it out.

  5. Bon

    Many people don’t realize how much of this going on. I have a iPhone and I have to jail break it just to get a firewall installed to keep even ad free games from accessing the Internet. It’s a good idea to snag the android firewall since you don’t have to hack your phone like on the iPhone.

    The phone carriers needs a way to disable Internet access for apps since many people don’t have unlimited data plans.

    Just because you can make your apps track when a consumer opens your app doesn’t make it right

  6. Raven

    I have 2 HTC’s A Desire and a Desire HD.Unfortunately they both came with froyo so in order to root them I apparently have to roll them back to 2.1.Does anyone know of a program or means to root 2.2 without having to roll it back to 2.1?

  7. Algae

    Thank you SO MUCH for making this app available to us!! I was getting sick and tired of one of my apps which is for making grocery lists always going online to compare what I was entering to known products, and making me wait while it did so before it would add the item I typed in to the list. Now that I have blocked its network access it runs twice as fast! :)

  8. acr

    @Ashraf:

    I would like to see an article on rooting a phone too. I know there are some apps I would like to try that require root. Someone explained to me the difference with rooting a phone is kinda like being on a computer and going from using a limited user account to admin. That seemed to make a lot of sense to me although it all still seems kinda confusing.

  9. Raven

    Very informative ,thank you.Now how about an article about “rooting” your android ‘phone?This is something I have been wanting to do for a few months but 1)the instructions I have found are never very clear and 2) Where to find the necessary software.Thanks in advance.

  10. Ashraf
    Author/Mr. Boss

    @John: Yeah, this program requires your phone to be rooted. I take it you don’t know what rooting is? It is the equivalent of jailbreaking for iPhones; I will write an article about rooting Android phones very soon.