Android applications for mobile devices are interconnected more than ever before. Many of them use built-in advertising platforms, analytics and other user tracking technologies. In order to increase user’s control of such apps and limit their capability to contact outside world and “phoning home” activities, one should install a firewall app. Here’s how.
How To Limit Android Apps Network Access Capability and Regain Your Privacy?
Some apps seriously abuse their advantage over the innocent and unsuspecting end user – you! We wrote about this on numerous occasions, most famous was the incident of an app that caused fake CPU overheating warning messages in order to lure users to click on an advertisement. True story.
With a firewall app you can simulate “no internet connection” mode for specific applications, while all other apps and services have normal access to the internet. This is useful particularly for security reasons, for example, if you are in doubt that a specific app – such as a File Manager app, that may store sensitive information about your FTP server or NAS drive password, may “leak” the data to an unauthorized 3rd party.
You can use a firewall app to limit any Android app spying activity, for example, NoRoot Firewall is an excellent ad-free firewall app for Android OS! There are few others equally good, each offering some unique features, so better try them all and see which one is the best for your needs and workflow.
Above is one combined screenshot from NoRoot Firewall, where you can see how many frequent requests (aka “phoning home”) infamous ES File Explorer used to make during start-up and ordinary use. Now, we don’t know what kind of traffic that is, besides usage stats, but we can safely assume that they are probably ad-serving networks (from which apps pull external embedded content), banners, promotions, send usage statistics and crash reports back to developers.
You can block all that with a firewall app! Of course, without root access on Android, firewalls will use less attractive bogus (redirect) VPN connection, which may interfere with some other apps functionality or create short glitches (e.g. ERR_NETWORK_CHANGED in older Chrome browser app), but this is usually completely harmless.
Note that it is essential to create bypass filters for apps like File Managers or any other app that requires local network access!
How To Install Firewall App For Android
- Visit Google Play Store
- Search for “firewall” and pick your favorite app (NoRoot is great and we use it, for example, but there are many others)
- Install and run it. Accept permissions and create VPN connection (this is required on non-rooted devices, because there is no other way to do it). It will become active instantly and block everything by default. Configure the app to run at system startup / boot every time, and define optional custom rules
How To Define Custom Rules / Filters and Configure Firewall App For Android
Creating filters (custom rules) in NoRoot Firewall is super easy, and app allows you to combine or mix rules for Wi-Fi and Mobile Data separately.
The main trick here is to allow local network traffic (e.g. 192.168.*.*:* , where part after IPv4 address and colon (:) symbol is port wildcard). Local network traffic is usually safe, and it limits device access to the same Wi-Fi network your device is currently connected to (e.g. your home Wireless Router or Gateway, for example). This way, app will be able to access your home or office printers, other devices, computers, network storage drives, smart TVs etc. but it will be blocked for anything else (e.g. outside world).
NoRoot Firewall app will automatically detect any new app’s intention to access network (either local or remote, it doesn’t matter) and block it by default, until you manually allow it or apply special rules / filter for each particular app.
For example, you need to allow 192.168.*.* IP address and for port select a predefined * (wildcard symbol) from a drop-down menu. And, that’s it!
You can block any other IP address in a separate definition. Optionally, you can bypass other reserved and private ranges, such as 10.*.*.* and 172.16.*.* if required. Everything else you do not use / need should and will be automatically blocked.