Android firewalling / network monitoring

Last updated : 20/9/2024

- Introduction -

- Prerequisites -
InviZible Pro
NetGuard
AFWall+
PCAPdroid
App lists
Others

Introduction

Well, here it is. The somewhat non-stub guide for firewalling and/or network monitoring on Android. And no, root and/or unlocked bootloader is not required this time... unless you're using AFWall+ & PCAPdroid (or you can't live without root access).

Prerequisites

Required stuff :

InviZible Pro

InviZible Pro is somewhat like NetGuard (both uses Android's VPN slot & works with 1 hosts source), but with a more verbose network monitor, added darknet access (I2P & TOR, with latter enabled by default), & DNSCrypt. By the way, TheAnonymouseJoker considers this a cornerstone of his privacy guide, and it's somewhat understandable considering the features it has (though in reality I beg to differ for obvious reasons). Also supports root mode, but not recommended as firewall & network monitoring won't work.

Prerequisite :

Firewalling :

Network monitoring :

NetGuard

VPN-based firewall with some network monitoring abilities. Also offers adblocking in GitHub Releases / F-Droid builds. Unfortunately, some features are locked behind Goolag Play in-app purchases.

Prerequisite :

Firewalling :

Network monitoring :

AFWall+

Root-only firewall using iptables. Has an unlocker hidden behind either Goolag Play Store or in-app purchases (via Goolag Play), which unlocks background theming & hostname logging.

Prerequisite :

Firewalling :

Network monitoring : (unlocker required; use PCAPdroid for network monitoring instead)

PCAPdroid

In a nutshell, it's a reverse of AFWall+ - works on either root or VPN mode; network monitoring available & fully functional by default; and firewalling hidden behind Play Store unlocker and/or license code (and by hidden I meant it - the options are completely absent without it). Will catch all connections (including system connections) if running in root mode, but may also run in VPN mode if you don't mind catching only user-installed apps (something both InviZible & NetGuard does as well).

Prerequisite :

Network monitoring :

Unofficial network documentation with root-enabled PCAPdroid

Important note : Aside from Private DNS disabled (letting them on Automatic kinda messes up the results), root solution (APatch / KernelSU / Magisk, preferring the last one), and UI modifications (navbar & statusbar tuned to my personal preferences); no other modifications are made to the system at the moment of documenting the ROM's connections. Also, Cell Broadcast Service used the captive portal url instead of CaptivePortalLogin for whatever reason. Connections documented are only first connections made as soon as system gets internet connection.

Firewalling : Locked behind Play Store unlocker and/or license code & not available on root mode. Leave firewalling to AFWall+ or any other firewalling solution of choice.

App lists

Everything but the firewall and/or network monitor can be in the "situational" list, but since this is my guide, here's my list of allowed & blocked apps, as well as the situational ones.

Allow :

Block :

Situational (block if not using, allow if using)

Others & comparisons

Here are other solutions I used to consider for firewalling / network monitoring, harvested right off the basic PrivMod guide.

Back to top

Android Privacy Mod - Basic

Index - cellphone

Main Page