Which internal android services/daemons bypass user-level VPN? - Android Q&A, Help & Troubleshooting

I've made a mock-up VPN that blocks everything and yet I see some TCP requests going through. I assume there is some internal stuff that ignores the user-space "VPN mode".
Does anyone who has worked with networking on Android know some off the top of their head?

KZekai said:
I've made a mock-up VPN that blocks everything and yet I see some TCP requests going through. I assume there is some internal stuff that ignores the user-space "VPN mode".
Does anyone who has worked with networking on Android know some off the top of their head?
What TCP/IP layer does the VPN work on?
BTW: Android only has the VpnService API built in; it's described here

BTW: Android only has the VpnService API built in; it's described here
Thanks, that was useful. Sadly, there's nothing on how built-in Xiaomi services bypass the VPN and send their detailed "telemetry" directly. The spyware is deep in this one.

Related

[Q] Android Packet sniffing NO Root

Hello,
For a project I need a way to sniff packets from an app without rooting the phone.
First I thought I could code a proxy server on my PC, but then I saw that when you set a proxy for WiFi, only the browser uses it on the phone, not the apps.
So the solution should look like the following:
mobile device -------> PC (MitM) ---------> Internet
It's a kind of man-in-the-middle analysis.
The solution has to be transparent: the Internet server shouldn't realize that a PC is analyzing packets.
Packets should be forwarded 1:1 and just be copied away for later analysis.
The simpler the solution, the better.
Greets, Erich
eriche said:
Hello,
For a project I need a way to sniff packets from an app without rooting the phone.
First I thought I could code a proxy server on my PC, but then I saw that when you set a proxy for WiFi, only the browser uses it on the phone, not the apps.
So the solution should look like the following:
mobile device -------> PC (MitM) ---------> Internet
It's a kind of man-in-the-middle analysis.
The solution has to be transparent: the Internet server shouldn't realize that a PC is analyzing packets.
Packets should be forwarded 1:1 and just be copied away for later analysis.
The simpler the solution, the better.
Greets, Erich
Well, without rooting your device I don't think you can find any app which can do this for you! What you are trying to do is like trying to do magic without a magic wand. I don't think you will succeed!
Without root access it is not possible, because for packet sniffing on a PC a BackTrack environment is best... and on Android we are not able to be an admin and redirect the hardware without root access.
I was reading something about a VPN loopback workaround,
because VPN is integrated in Android.
So maybe it's possible to tunnel to the PC where I can sniff packets.
I have a very good idea for a project, so it would be disappointing if it failed only because there is no solution for non-rooted devices.
Greets, erich
Howto Loopback VPN
tPacketCapture does packet capturing without using any root permissions.
tPacketCapture uses the VpnService provided by the Android OS.
Captured data is saved in the PCAP file format in external storage.
If you want a more detailed analysis, please transfer the file to your PC and use software that handles the PCAP format (such as Wireshark).
This is similar to what I am looking for.
Does anybody know an open-source project for such a sniffer?
How can I set up a loopback VPN Tunnel on PC for sniffing the traffic?
GreeT`s erich
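The tPacketCapture description above amounts to "read raw IP packets from the tun fd that VpnService.Builder.establish() hands you and write them out as PCAP". As an added example (not tPacketCapture's code, and not part of the original thread), this Python script shows the PCAP side of that: the file header with the raw-IP link type, one record per packet, and a minimal IPv4 header parser to log the 5-tuple of each captured packet. The packet source is assumed (on a device it is the VpnService file descriptor); the sample packet is constructed.

```python
import socket
import struct
import time

LINKTYPE_RAW = 101  # raw IPv4/IPv6 with no link-layer header: exactly what a tun fd delivers

def pcap_header(snaplen=65535):
    # magic (little-endian), major 2, minor 4, tz offset, sigfigs, snaplen, link type
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_RAW)

def pcap_record(packet, ts):
    sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
    # ts_sec, ts_usec, captured length, original length, then the packet bytes
    return struct.pack("<IIII", sec, usec, len(packet), len(packet)) + packet

def pcap_bytes(packets):
    """packets: iterable of (timestamp, raw IP packet) pairs -> complete PCAP file bytes."""
    return pcap_header() + b"".join(pcap_record(p, ts) for ts, p in packets)

def ipv4_5tuple(packet):
    """(proto, src, sport, dst, dport) of an IPv4 packet; ports only for TCP/UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    sport = dport = None
    if proto in (6, 17) and len(packet) >= ihl + 4:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
    return proto, src, sport, dst, dport

def build_tcp_syn(src, dst, sport, dport):
    """Constructed sample packet: minimal IPv4 header + TCP SYN (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def capture(read_packet, path, count):
    """Capture loop for a real tun: read_packet() must return one raw IP packet per call."""
    with open(path, "wb") as f:
        f.write(pcap_header())
        for _ in range(count):
            f.write(pcap_record(read_packet(), time.time()))

if __name__ == "__main__":
    sample = [(1_700_000_000.5, build_tcp_syn("10.0.0.2", "192.0.2.44", 43210, 443))]
    print(ipv4_5tuple(sample[0][1]))  # (6, '10.0.0.2', 43210, '192.0.2.44', 443)
    open("capture.pcap", "wb").write(pcap_bytes(sample))
```

The resulting capture.pcap opens in Wireshark as link type "Raw IP"; because a VpnService tun only carries traffic of apps routed through it, anything that bypasses the VPN will simply be absent from the file.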
I am looking for the same; did you find an open source project for this?
A project like tPacketCapture.
lilovirus said:
I am looking for the same; did you find an open source project for this?
A project like tPacketCapture.
Hey, could you find some useful info on this? Can you please share.
Thanks

Most secure ZU config: firmware, phone settings, application settings, user behavior

Say I wanted to have the most secure Sony Xperia Z Ultra possible (without "too much" sacrifice of useability).
In the context of this thread I define security broadly as anything barring network anonymity, i.e. hiding your device's public IP address.
So I want security from network attackers (e.g. drive-by downloads, WiFi attacks) and physical device attackers (e.g. customs searching devices for IP violations... no really, that's about to become a thing apparently; GF and/or mistresses).
How would you do it?
Could you please use sections of
Code:
firmware
phone settings
app settings
behavior
because I want to curate the best answers from users in this post for the good of the forum.
My thoughts so far are:
Firmware:
Root is disabled
Bootloader should be locked.
^^ These I'm not sure about; see, if we don't have root then we don't have an iptables firewall and hosts-level server blocking.
One recovery should be used
Honestly I'm not sure which ROM is more secure than another, but I'm assuming the latest and greatest is more secure, so that would be MM atm. No idea if Sony is more secure than another flavour of ZU Android.
Phone settings:
Developer options off
Sideload apps off
Do not connect to unknown WiFi
NFC Off by default
Bluetooth Off by default
PIN unlock required
Auto-lock ON
App settings: (this includes apps you should have/not have and their settings)
I figure every additional app that I don't use is a needless attack surface, so start with no apps at all: uninstall everything. Only install what you use... for which you need root, unless the ROM is premade like this.
Firewall app (Netguard no-root Firewall, DroidWall if we have root)
Adblock (if we have root)
AV - honestly most mobile AV seems pathetic at being secure and not acting like malware (notifications, popup windows etc), but Avast at least seems not to hog resources.
- Auto-update every app
User behaviour:
NEVER:
- install apps from anywhere other than Google Play, or possibly F-Droid
- let another person use your device
I'd like to hear your suggestions, critique and everything else, cheers!
So you're not going to install from anywhere other than Google Play, then what ad blocker are you going to use? Where is the ad blocker connecting to?
You're talking about still having a lot of apps connecting through servers that you don't control.
morestupidemailnames said:
You're talking about still having a lot of apps connecting through servers that you don't control.
Well, if you are worried about connecting to servers that you don't control, isn't that all servers?
At which point you may as well remove all WiFi and mobile data capabilities and just stick to 2G.
panyan said:
Well, if you are worried about connecting to servers that you don't control, isn't that all servers?
At which point you may as well remove all WiFi and mobile data capabilities and just stick to 2G.
Exactly my point.
The OP is a long-winded question that leaves you with more questions.
Probably why there's been such a landslide of security tips here

[Search] no root adblock without vpn

My problem is that I have a non-rooted phone with VPN always on and I'm searching for an app to activate ad blocking on it.
My fix for it would be to use an Android-wide proxy or a custom DNS that overrides the VPN DNS.
As the title says, a root app or an app that provides a VPN solution wouldn't be what I'm searching for. I once had an adblock app that routes traffic through a local proxy beside the VPN but can't find it anymore.
Update: I found AdHell but it's only for Samsung devices with Knox. Any other solutions?
HeathenMan said:
Update: I found AdHell but it's only for Samsung devices with Knox. Any other solutions?
Any news on this one?
I want to use ProtonVPN and an ad blocker at the same time.
a bit of elbow grease to protect self from Privacy Raping
Some [Open]VPN clients allow a VPN-side connection to SOCKS5. Some even allow toggling LAN access from the device. I am not claiming a finished product exists, but perhaps this gives you some joy.
Perhaps your SOCKS5 instance runs in the Amazon AWS free tier. Maybe it runs locally on your Android handset. Perhaps you run Privoxy itself on Android. [@mod: Privoxy is F/OSS older than this forum]. There are a few Privoxy projects for Android on GitHub. Perhaps you pick their brains. It was that against which Proxomitron competed [also F/OSS. Thank God for Scott Lemmon].
Using things in a differing order, you might search for the article to which I may not link: Privoxy on Android (with EC2 VPN)
I wanted to bring the Amazon EC2-based Privoxy service to it, by way of a VPN.
There was no obvious way to contact the author, who hasn't posted since 2016.
There is an OpenVPN service, whose name you can likely find yourself, *recently* offering an adblock toggle and an AntiTracker toggle with a hardcode mode to protect you from predators like Google and Fbook. It shouldn't be long before others emulate this functionality. It sports the VPN-side SOCKS5 option.
Or a Privoxy tunnel to remote [cloud (OpenVPN)]. See? Fun with permutations. Maybe from the phone with Shadowsocks to cloud to VPN to web. "OpenVPN over shadowsocks". At this point look into sites helping Chinese dissidents.
You definitely then return here with your improvements to share.
The remaining question is how much your time is worth. Not much? Then search the web ad nauseam for the 'ideal free' solution. Otherwise pony up some pennies for some cloud time as part of a solution.
Same question here!
And it seems that AdHell is now only available for enterprise use.
Wasn't AdGuard doing that?
Yes, you are right. It works by setting a private DNS in the system settings to dns.adguard.com: no battery drain, no more ads, no VPN, no root.

How to block in-app trackers?

I am searching for options for blocking Android in-app trackers.
Which trackers a specific app uses can be checked here: https://reports.exodus-privacy.eu.org/en/
For example:
https://reports.exodus-privacy.eu.org/en/reports/com.nordvpn.android/latest/
The NordVPN app uses 5 trackers (Google Analytics, Google Tag Manager, ...).
How is it possible to block these trackers on Android 9? In a browser, with add-ons like uBlock Origin, it is an easy job. Is it possible to do the same with Android applications?
- I was looking at ad-blocking apps like AdAway, which uses the hosts file... Can I use this hosts file to block trackers used in apps?
- I was also looking at XPrivacyLua, but it needs the Xposed framework, which does not work (yet) on Android 9.
- Do you know any other tool?
- Or is the only option to find an alternative?
Using: Mido device, LineageOS 16 for MicroG (based on Android 9 Pie).
Thank you for your help and greetings!
If someone else needs it, I got a lot of help in this AdAway thread, page 1413, 1414: https://forum.xda-developers.com/showthread.php?t=2190753&page=1413
ktmom said:
For any app that makes the call by DNS, yes. If an app has an IP hard coded or other DNS work around, no.
So one option seems to be just adding domains to AdAway blocklist.
To do so:
zgfg said:
As pointed out by the other user, you didn't list FQDNs but package names; with AdAway you cannot blacklist/whitelist apps, only FQDNs (domains).
For AdAway you must have root, hence you can check from the logcat which domains were resolved by DNS and which TCP connections were established while your app is running.
Then add suspicious domains to your AdAway blacklist, restart the phone, test again, and analyze the log again if you still see the ads.
@GuestK00285
Nobody needs an ad-blocker app: all one has to do is keep Android's system file /system/etc/hosts up to date. To edit this file, root access is required.
Check out https://forum.xda-developers.com/an...pt-disable-fk-services-trackers-apps-t4074427
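The hosts-file approach discussed in the replies above (AdAway, a hand-maintained /system/etc/hosts, and the Private DNS route from the earlier thread) shares one limit that ktmom's reply states: it only catches destinations that go through a DNS lookup. This added Python example (not AdAway's or any other project's code) parses a hosts file in the sinkhole format AdAway writes, checks a list of destinations observed while an app runs, flags literal IPs as bypassing the hosts file, and emits the entries to add for names that are resolved but not yet blocked. The hosts content and observed destinations are constructed samples.

```python
import ipaddress

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file, in the format AdAway writes to /system/etc/hosts.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 app-measurement.com   # Firebase / Google Analytics
0.0.0.0 www.googletagmanager.com
"""

# Constructed sample of destinations seen in logcat while an app runs:
# two hostnames resolved via DNS and one literal (RFC 5737) address contacted directly.
SAMPLE_OBSERVED = ["app-measurement.com", "ssl.google-analytics.com", "192.0.2.10"]

def parse_hosts(text):
    """Set of hostnames the file sinkholes; loopback names mapped to 127.0.0.1 are not blocks."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # strip comments, split on whitespace
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            blocked.update(n.lower() for n in fields[1:] if n.lower() not in LOCAL_NAMES)
    return blocked

def hosts_blocks(name, blocked):
    """hosts matching is exact: a subdomain is not covered by its parent's entry."""
    return name.lower().rstrip(".") in blocked

def classify(observed, blocked):
    """Verdict per destination; hosts-file blocking only ever sees names that go through DNS."""
    verdicts = {}
    for dest in observed:
        try:
            ipaddress.ip_address(dest)              # literal IP: no lookup, nothing to sinkhole
            verdicts[dest] = "bypasses hosts file (literal IP; needs a firewall rule)"
        except ValueError:
            verdicts[dest] = "blocked" if hosts_blocks(dest, blocked) else "not blocked"
    return verdicts

def suggest_entries(verdicts):
    """hosts lines to add for the names that were resolved but not yet sinkholed."""
    return [f"0.0.0.0 {d}" for d, v in sorted(verdicts.items()) if v == "not blocked"]

if __name__ == "__main__":
    verdicts = classify(SAMPLE_OBSERVED, parse_hosts(SAMPLE_HOSTS))
    for dest, verdict in verdicts.items():
        print(f"{dest:28} {verdict}")
    print("\n".join(suggest_entries(verdicts)))
```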

General about GrapheneOS

Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardened AOSP
- closed bootloader after flashing
Now I would like to discuss this ROM
I too would be interested to hear about anyone's experience regarding this OS
johndoe118 said:
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardened AOSP
- closed bootloader after flashing
Now I would like to discuss this ROM
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captive portal contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
Well, the captive portal contacts the Google servers regularly when you connect to a WiFi.
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
Hardcoded Google domains info from the FAQ:
https://grapheneos.org/faq#device-support
GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
HTTPS: https://www.google.com/generate_204
HTTP: http://connectivitycheck.gstatic.com/generate_204
HTTP fallback: http://www.google.com/gen_204
HTTP other fallback: http://play.googleapis.com/generate_204
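The FAQ excerpt above lists the probe URLs, and the later post notes that pointing a device at connectivitycheck.grapheneos.org is possible but not through the GUI. This added Python example (not GrapheneOS's code, not part of the original thread) shows what such an endpoint has to answer and how the client side turns the reply into "validated", "portal" or "fail": a probe server on localhost plus the classification logic. The assumed interpretation (204 with empty body means Internet reachable; 200 with a body means a captive portal answered instead) is the contract the generate_204 URLs rely on.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Paths probed by the stock connectivity check (see the FAQ excerpt above).
PROBE_PATHS = ("/generate_204", "/gen_204")

class ConnectivityCheckHandler(BaseHTTPRequestHandler):
    """Answers like the stock endpoints: 204 and an empty body mean 'Internet is reachable'."""
    def do_GET(self):
        if self.path in PROBE_PATHS:
            self.send_response(204)
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            self.send_error(404)

    def log_message(self, *args):  # silence per-request logging for the demo
        pass

def classify_probe(status, body):
    """204 + empty body -> validated; 200 + body (a login page) -> portal; anything else -> fail."""
    if status == 204 and not body:
        return "validated"
    if status == 200 and body:
        return "portal"
    return "fail"

def probe(url, timeout=5):
    """Fetch a probe URL and classify it, treating HTTP errors as replies rather than crashes."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return classify_probe(r.status, r.read())
    except urllib.error.HTTPError as e:
        return classify_probe(e.code, e.read())
    except (urllib.error.URLError, OSError):
        return "fail"

def start_server(port=0):
    """Bind a probe endpoint on localhost (port 0 = any free port) and serve it in the background."""
    srv = HTTPServer(("127.0.0.1", port), ConnectivityCheckHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    srv = start_server()
    base = f"http://127.0.0.1:{srv.server_port}"
    print(probe(base + "/generate_204"), probe(base + "/missing"))  # validated fail
    srv.shutdown()
```

To make a device use a self-hosted endpoint, AOSP reads the hidden Settings.Global keys captive_portal_http_url and captive_portal_https_url (settable with `adb shell settings put global ...`); whether a given release still honours them is an assumption to verify on your build, and the FAQ's fingerprinting caveat applies either way.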
nay_ said:
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
Thanks, right from there
I have GrapheneOS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL. Under "System update settings" is "Check for updates", but nothing happens if I tap it. Only the field becomes darker. Does anyone have experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
Help please
Hello! In the description I pointed out that you can change servers, just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
A few points:
1. The general idea is that a privacy/security oriented OS (as Graphene is advertised) should limit network activity as much as possible, and not ping Google using the captive portal service every few seconds, providing a perfect IP-based location to Google.
It is possible to switch it off, but it should be off by default.
2. Connections of Android location services to get GPS constellations were shown before to send the SIM card IMSI and connected cellular tower ID to the provider (Qualcomm/Google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on the website).
Without root there is no way to switch this off. Some devices even ignore config files and still leak data (most probably at the level of the cellular modem).
3. Android services make other weird connections. Example: the AOSP dialler app queries phone numbers against an online database, leaking all contacts to Google. How was this taken care of in Graphene? Are all AOSP services/apps security-verified to not leak any data?
Without root there is no way to install AFWall to block everything.
Is Graphene's built-in firewall capable of blocking system services from network access?
