47
submitted 5 months ago by otter@lemmy.ca to c/privacyguides@lemmy.one

I'm asking for Android specifically, but I'm curious what else is out there.

For example, some apps work without internet but may use it if it's available. I might want to block that without having to turn off wifi, force stopping it, and wiping the cache/data.

Similarly, maybe I only want to use the app over a VPN and want to prevent accidentally opening it without first turning the VPN on.

[-] jet@hackertalks.com 16 points 5 months ago* (last edited 5 months ago)

On Android, there's a VPN in F-Droid that acts as a firewall, so you can say this app has internet, this app doesn't have internet.

To ensure that this program only works with a VPN, you can set up a work profile and require always-on VPN in the Android settings; then this app running in the work profile must use the VPN no matter what.

GrapheneOS has the internet kill switch built in for any app anywhere.

Depending on your threat model, you need to be very careful: just because an app doesn't have direct internet access doesn't mean it can't talk to Google Play and pass messages that way. In the Android model, apps can talk to each other consensually, and you can't stop that.

For desktop computers, we'd be talking about virtual machines and network namespaces to enforce your policy rules. Qubes is the gold standard here.

[-] englislanguage@lemmy.sdf.org 8 points 5 months ago

With "there is a VPN in F-Droid", do you happen to refer to Netguard? https://lemmy.sdf.org/comment/11993547

[-] otter@lemmy.ca 5 points 5 months ago* (last edited 5 months ago)

I also came across this one, but I haven't heard of this one before. I've heard Netguard mentioned in the past

Rethink: DNS + Firewall + VPN (Firewall apps, use WireGuard VPN, monitor network, block malware, change DNS.)

https://f-droid.org/packages/com.celzero.bravedns/

[-] Cheradenine@sh.itjust.works 6 points 5 months ago

With RethinkDNS you can block an app completely, allow the app (WiFi, cellular, or both) and block certain domains. You can also use DNS block lists, force or exclude apps from either VPN or Orbot. Block apps not in use, block when DNS is bypassed. A bunch more stuff.

[-] Desyn0xox@lemmy.ml 2 points 5 months ago

Been using it for a while, and am pretty happy with it. It has some nice features, and works pretty well for me, so I'd recommend giving it a try. I believe it, unfortunately, doesn't support OVPN though. But as I understand, WireGuard is to be preferred over OVPN anyways.

[-] jet@hackertalks.com 3 points 5 months ago

I'm not sure. That might be it.

I use GrapheneOS so I can just turn off network access in the app info panel and still use my VPN.

[-] ton618@lemm.ee 12 points 5 months ago

Tracker Control - it basically checks for trackers that the apps use, and you can block internet access for individual apps. It's also on F-Droid.

[-] peregus@lemmy.world 2 points 5 months ago

What are those trackers? Can it block apps from using Google Play Services?

[-] ton618@lemm.ee 1 points 5 months ago

https://nordvpn.com/blog/what-are-trackers/

I haven't noticed any problems, but you could, technically, block certain functions... but as long as you don't go into advanced menus, you're good.

[-] peregus@lemmy.world 1 points 5 months ago

Oh, I see, "normal" tracker. I've asked because I thought it could be something different since the OP was asking to block Internet and not the tracker. I've had a look at the app and it doesn't seem to me that it can block Internet access to other apps.

[-] ton618@lemm.ee 2 points 5 months ago

Yes you can block the internet

[-] peregus@lemmy.world 1 points 5 months ago

From what I've seen, it can block the Internet for all the OS, not for single apps. But I'm not using that app, so I may be wrong.

[-] ton618@lemm.ee 2 points 5 months ago

In the picture it's blocking the internet for a single app - that app being "blinkist". You mean you want to block Google Play only?

[-] peregus@lemmy.world 1 points 5 months ago

Oh, I see! I missed that. Is it possible to block the Internet to Google Play Services?

[-] ton618@lemm.ee 1 points 5 months ago

No, I think that is a whole different kind of "system". Download the app and test it out :)

[-] TheDarkQuark@lemmy.world 10 points 5 months ago

There's a built-in network toggle for applications (in their respective App Info / Permissions page) in GrapheneOS. So, if you're on Graphene, it's a piece of cake.

Else, you might want to look into NetGuard (https://f-droid.org/packages/eu.faircode.netguard/), which offers app-wise internet blocking.

As for the "using app over a VPN" thing, you can just turn on "Always-on VPN" and "Block connections without VPN" toggles in Settings / Network and Internet / VPN / .

[-] englislanguage@lemmy.sdf.org 10 points 5 months ago

Netguard is a FOSS Android app which kinda works like a firewall. You can allow/block network access on a per-application basis. You can limit access e.g. on WiFi or on mobile etc. It also supports blocklists, supplementing your ad blocker.

To the Android OS, Netguard acts as if it were a VPN.

Limitations:

  • if you want to filter Android system services, you will break things. You will need to spend some time to do it right.
  • Chaining it to another VPN is only possible via SOCKS proxy
  • if you want to route some app's traffic via VPN and others not, I think that is not possible. You could, however, manually turn off an app's internet connection before disconnecting the VPN, if that is not too error-prone for you.

The app is very stable, I have been using it for about 5 years without problems. For most use cases it is fire-and-forget, i.e. I rarely open the app any more.

[-] peregus@lemmy.world 3 points 5 months ago

I use it too and I like it, but OP needs to keep in mind that the apps that rely on Google Play Services will still have "Internet access" directly with it and Netguard can't do anything about it. WhatsApp for example: you can block Internet access to the apps, but it will still be able to send/receive messages.

[-] Dirk@lemmy.ml 1 points 5 months ago

Came here to say NetGuard, too.

I did the allowlist approach and first blocked all and everything and then fiddled with the permissions and now have a good set of settings for stock Android. It’s doable within a few days while regularly using the devices and then allowing things as soon as you notice something does not work as expected.

[-] retrieval4558@mander.xyz 5 points 5 months ago

To prevent it using Internet at all, you can turn off individual apps' access to WiFi and mobile data easily.

To bind to a VPN, I use ProtonVPN, and I'm pretty sure the Android app has the split tunnelling feature to allow this as well. Not sure if that protects against leaks, but you could just have the VPN on all the time and use Android's VPN settings to prevent any data usage outside the VPN.

[-] ParetoOptimalDev@lemmy.today 5 points 5 months ago

Not for android, but I use this for PC:

https://github.com/jamesmcm/vopono

[-] GregorGizeh@lemmy.zip 4 points 5 months ago

Aside from what the others said, my VPN (also on GOS) has a kill switch function. I set it to maximum and this way the phone simply can't connect to the internet at all unless it uses the VPN.

[-] AnEilifintChorcra@sopuli.xyz 4 points 5 months ago

You should be able to kind of do both through Android settings.

Settings -> Apps -> YourApp -> Mobile data usage -> Allow Network access and Mobile Data

For VPN you'll need to add a VPN and then Settings -> Network and Internet -> VPN -> YourVPN -> Always on VPN and Block Connections without VPN. This blocks all apps. There are 2 issues with this though: blocking connections will block split tunneling connections set up through VPNs, and also potentially this, depending on the apps you're using: https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
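
One way to read back over adb the two things this thread keeps returning to: whether always-on VPN with "Block connections without VPN" is actually set, and whether a given app holds the INTERNET permission. This is an added example, not part of any comment; it assumes adb access to the device, and the function names and the sample dumpsys lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read back over adb the settings the
# comments describe. Assumes adb and one attached device with USB debugging.

# vpn_state APP LOCKDOWN: classify the secure settings always_on_vpn_app and
# always_on_vpn_lockdown ("null" means the key is unset).
vpn_state() {
    case "$1" in
        ""|null) echo "no-always-on-vpn"; return ;;
    esac
    if [ "$2" = "1" ]; then
        echo "always-on+block-without-vpn"
    else
        echo "always-on-only"
    fi
}

# internet_perm: read `dumpsys package PKG` text on stdin and report the
# grant state of android.permission.INTERNET.
internet_perm() {
    awk '/android\.permission\.INTERNET: granted=/ {
             seen = 1
             if (/granted=true/) ok = 1
         }
         END {
             if (!seen) print "not-listed"
             else if (ok) print "granted"
             else print "denied"
         }'
}

# Constructed sample of the relevant dumpsys lines, for an offline dry run.
SAMPLE='    requested permissions:
      android.permission.INTERNET
    runtime permissions:
      android.permission.INTERNET: granted=false, flags=[ USER_SET ]'

audit() {  # audit PKG: query the attached device
    app=$(adb shell settings get secure always_on_vpn_app | tr -d '\r')
    lock=$(adb shell settings get secure always_on_vpn_lockdown | tr -d '\r')
    echo "vpn ($app): $(vpn_state "$app" "$lock")"
    echo "$1 INTERNET: $(adb shell dumpsys package "$1" | internet_perm)"
}

if [ $# -ge 1 ]; then
    audit "$1"
else
    echo "sample INTERNET: $(printf '%s\n' "$SAMPLE" | internet_perm)"
fi
```

A block applied by a VPN-slot firewall such as NetGuard will not show up in the permission check, since those apps filter traffic rather than revoke the permission.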

[-] subscriber_bot@ten1919.com 1 points 5 months ago

Does not work on Samsung

[-] Imprint9816@lemmy.dbzer0.com 2 points 5 months ago

For the majority of connections you can. Some connections bypass your VPN and there is nothing you can do about it. It's been reported to Google by multiple groups, including Mullvad, but Google refuses to fix this.

[-] apis@beehaw.org 1 points 5 months ago

You could try NextDNS. It won't let you designate access per app, but you can create custom blocklists. Short-term logging makes it easy to see at a glance which domains are being requested, and it doesn't take long to get it all set up so that your apps only contact stuff which is strictly necessary in your view. Also comes with many blocklists to choose from, as well as other useful settings.

this post was submitted on 08 Jun 2024
47 points (100.0% liked)
