Firewall breaches and inconsistencies?

So far I have been very pleased with my rooted phone’s firewall capabilities using Avast. Being able to block apps’ access to the internet, wifi, etc. has seemed to work very well and makes me feel more in control of what my phone’s apps are capable of doing. However, I have noticed a few things which seem to indicate that the firewall isn’t 100% effective and can be bypassed using certain techniques.

Last night I installed the EasyTether app, which allows internet access through the phone’s USB to my computer. The app works surprisingly well, but one thing I noticed today was that I never gave the EasyTether app internet access through Avast (I am using whitelist mode). Yet somehow the EasyTether app was able to give my computer full internet access through the phone. EasyTether did not require any special superuser access or anything like that; heck, it doesn’t even need admin privileges. So how was this app able to bypass Avast’s firewall and give my computer internet? I don’t mind that it did since I would have allowed it anyway, but it worries me that other apps may be able to exploit this ability to gain net access through allowed and trusted system services despite being directly blocked by the firewall.

The second thing I noticed (but have not personally witnessed) from my searching is that it appears a rooted phone’s firewall has no effect on Airpush ads. For those who don’t know what these are, Airpush ads show up in your notification area. And they seem to be the most invasive and hardest to stop ads on Android so far. They are also likely the worst in terms of tricking users, because they can appear like they are legitimate services running on your phone since they show up as notifications just as your normal programs do. I have not tried this yet so it may be untrue, but I have read many people’s testimonials that with rooted phones they were unable to stop Airpush ads even when using a firewall to block the program responsible for those ads. Is there any comment on this? I tried searching through this site but came across no relevant or decent results regarding Avast’s firewall and Airpush ads.

I would assume the Avast firewall would keep them from reaching the phone as long as the parent app was being blocked… but with my recent realization with the EasyTether app, I am suspecting that apps can simply use other methods to gain internet access even if they are fully blocked… i.e. piggy-backing on allowed/trusted system services.

Perhaps this is where HIPS protection comes in handy, and it saddens me there is nothing of this sort on Android yet (aside from apps like SU which prompt when a program wants access, but that is only for superuser related activities). Come on Avast, you already have the lead on the security market for Android, let’s hear about your plans for some kind of HIPS protection! :slight_smile: I would love to see some kind of Online Armor/COMODO HIPS Android app out there, then my security would be complete!

Hi,

I will take a look at both issues, but since I’m kinda busy right now, it might take some time. If you want to do some research, you can try disabling (blocking) all the groups at the bottom of the firewall list and see if either the tethering or Airpush get blocked or not.

About the plans - I can’t disclose anything, sorry :slight_smile:

Filip

Thanks for checking in on these things.

Also just the fact you guys have plans is a good sign. :slight_smile:

Until then I will try to get PDroid working on my phone, just a PITA to patch and flash my ROM. But it seems that app is exactly what I would like to see Avast do. Being able to control/deny/allow what permissions/phone information apps have access to, exactly what I want! No more apps reading my phone number and spamming me with SMS’s.

So I did try to install Easy Tether Lite and avast! firewall has no problem with blocking the access in both modes (whitelist and blacklist). There should be some troubles with blocking UDP traffic like IM and some services, but I also tried it on my private network and it was blocked too. Do you use the paid version or Lite? IMHO this app is not so useful, because classic ROMs have USB tethering compiled from vendor or manufacturer. Concerning the Airpush - could you please advise any application which contains such an Airpush ad? Thank you.

Strange you were able to successfully block EasyTether, I never allowed it and yet it still gives my computer internet. I am using the free version (EasyTether Lite). Also as far as using the stock tethering utilities, I don’t want to incur any additional tethering charges to my account, therefore I don’t use the built-in tethering. I did try the wifi tethering (built-in) when I first got my phone, but it was disallowed and said all data will be turned off until it was stopped. So third-party tethering was my only option.

As for an app with Airpush, on the Android market there is an app called “Password Delay Free”. I did not install it due to the possibility it could bypass Avast’s firewall, but the developer says it uses Airpush ads in the description (plus the reviews confirm it), so it should be a good app to test on. App seems legit aside from Airpush usage.

Have you tried LBE privacy protect, which seems to be really nice?
It doesn’t require you to patch the ROM, which is tricky.

I had considered LBE as my last possible resort in case I was unable to get PDroid on my system and my ROM patched. There were a few reasons I really didn’t want to use it. Firstly, many people were reporting one of the main problems with LBE was that it had a tendency to force-close apps that had revoked permissions, and that it was somewhat inconsistent or unreliable.

My second reason was more out of paranoia than anything. There seems to be a staggering and increasingly growing amount of free apps on the play market of Chinese origin, most of them seem to be very high quality and most of those don’t seem to have any paid version or any ways to donate, and ads in these apps seem to be few and far between as well. This makes me suspicious, cause these apps are extremely well designed, have very talented teams developing them, but have no revenue… then how, and why, are they able to do what they are doing? If there are no ads, if there is no way to donate, and there is no direct revenue for making the apps, then where are these development teams getting their money and why would they want to offer something so good for free? Out of the goodness of their hearts? Would be nice, but I kind of doubt that.

I don’t know about you, but I don’t trust China as far as I could throw it, and they are well known for having serious man-power and extreme talent, especially in regards to information technology and computer science. To me the apps that are of Chinese origin, free, and with no revenue to speak of… are very suspicious, because for all we know these app development teams are being funded by the Chinese government which is secretly gaining control, obtaining information, spying, or worse, on billions of smart phones for some malicious reason that they will use sometime in the future. China can easily create a sophisticated virus/worm/etc that could go undetected for several years before anybody catches onto it, heck this actually just happened recently where some Chinese worm or virus went undetected on some key (I think US government) systems for something like a decade.

So it could just be some paranoid delusion and perhaps I am just not seeing the bigger picture with these extremely successful and free Chinese apps which don’t seem like they are making any money from people. But I would prefer to take as little chance as possible, especially when it comes to securing my phone. And a well-developed Chinese app, with no obvious revenue from its users, that has root access and the ability to control permissions… is something too risky for me.

But either way I managed to get PDroid patched successfully on my system and I gotta say, the app is amazing! Works flawlessly and is very user friendly. And best of all the app is open-source and is created by somebody from xda-developers, so it can be (somewhat) trusted.

I shared the same concern and that is part of the reason I bring it to the notice of avast.
Did you succeed with PDroid on ICS? If so, would you bother to share it? Thanks.

I am not sure if PDroid works with ICS or not, I am currently using Gingerbread 2.3.5. But I don’t see any evidence that it wouldn’t work.

You could check out the XDA forums for more info on that: http://forum.xda-developers.com/showthread.php?t=1357056