Marlinspike's Droid Firewall Kills Tracking
mask.of.sanity writes "The first dynamic Android firewall, dubbed WhisperMonitor, has been released by respected security researcher Moxie Marlinspike. The firewall will allow users to stop location-tracking apps and restrict connection attempts by applications. Marlinspike, whose company created the application, designed WhisperMonitor in response to the incidence of location tracking and malware on Android platforms. It monitors all outbound connection attempts by applications and the operating system, and asks users to permit or block any URLs and port numbers that are accessed."
This firewall monitor non internet activities? (Score:2)
Like the phone itself? The applications aren't the only thing sending out the data..
Re:This firewall monitor non internet activities? (Score:5, Interesting)
What do you mean "the phone itself"? What else is sending out information but applications? Little elves hiding in the keypad? Sorry, I don't understand what you mean...an android phone is a device running the android OS - I would expect everything to be an application, even the part that connects to your mobile provider. Maybe I am looking at it the wrong way.
Re: (Score:2)
These same folks have a SMS encrypter and yes, a call scrambler application, the latter does not even require an unlocked phone, though WhisperCore and WhisperMonitor (which is part of the former I think), require you unlock and replace the Android on your phone with their custom kernel. Interesting that they can scramble calls outside the kernel or firmware.
Re: (Score:2)
Have a gander at the android source if you want to know, or at the source for Cyanogenmod if that is what you are using.
Re: (Score:1)
I think the op meant can the firewall monitor the kernel for access to the internet/phone network...
It's just a Linux kernel (on my phone it's 2.6.29), so yes, of course it can.
Re: (Score:2)
"You've been typing these things in chatrooms? Oh ho ho! Naughty naughty! You've been a very bad girl!"
When I phrase it like that, I'm not sure if the elves shouldn't be checking up on Santa's PC too. Who watch^H^H^H^H^Helfs the big elf, and all that.
Total BS (Score:2)
The parent post has zero rational content.
That's all.
White Hats, Black Hats, Tinfoil Hats. (Score:1)
It does spark the imagination as to what might be lurking inside these phones. Could they be chipped to spy on us without anyone knowing it? Do you know what each component is in that little phone? Does anyone? And even if you did know what components they are, who's to say "they" didn't slip in a chip disguised as something else. You would have to monitor the phone's output to see if it's broadcasting anything beside what it normally should. Then you have to consider, that its function might be "on demand
Re: (Score:2)
Could they be chipped to spy on us without anyone knowing it?
They don't have to chip it, there's an app for that [cnet.com] too, and it has been around for at least 5 years.
Now what I could fathom them taking the risk of exposure for is the camera. Imagine being able to access any cell phone with a camera, browse its contents, or even activate it secretly.
They can, and do
Moral of the story, is don't carry a cell phone, monitor your home's security 24/7 to check for intrusion, do regular bug sweeps, don't talk or do business in your car, and never ever trust anyone. Your wife and kids and most trusted friends will be used as spies against you.
...or you could just put on your tin foil hat and call it a day.
Re: (Score:2)
It is possible, but once someone brings pictures and recorded conversations out in a trial obtained that way, there would be a mass uproar:
People would start powering off their cellphones. Others would take apart the device and cut the solder traces to the cameras, snip the microphones, and use BlueTooth for all conversations. Enterprising companies will make cases out of metal and foam to guarantee the mic and camera won't pick up anything. Other cellphone case makers will make cases where only the wire
Re: (Score:2)
It is possible, but once someone brings pictures and recorded conversations out in a trial obtained that way, there would be a mass uproar:
You mean, like in United States v. John Tomero [politechbot.com], as the grandparent referenced? I missed the uproar.
ZoneAlarm and NetBarrier (Score:3)
I used to use ZoneAlarm on Windows (still a version on my Win2K Starcraft PC), and tried NetBarrier for the PPC Macs. Both worked similarly, and I thought ZA was the greatest addition to Windows, ever.
Sounds like my impending Color Nook will be getting one of these, day 1.
Re: (Score:2)
As an aside, if you have any machines running OSX these days, you should look into getting Little Snitch. Love it; it's been eye-opening to see how often and where browsers call home when they're started, now, for instance.
Re: (Score:3)
Used it. Little Snitch has IMHO one major problem: they decided that it should use the Mac's voice system if you go into FrontRow, and it's not optional - there is no way to disable it at all. Voice rendering on computers is a pet hate of mine (and Apple's system is pretty bad), so the fact that LS decided all on its own to use this was enough to start seeking an alternative.
I switched to Hands Off [metakine.com], which has the added advantage that I can have it monitor what applications do with my hard disk as well. And th
Re:ZoneAlarm and NetBarrier (Score:4, Interesting)
No pointy-clicky though, so most Mac users won't use it.
I was building BSD firewalls based on Gauntlet more than 2 decades ago :-). You have two extra problems with ipfw - you need to know upfront what you're going to shut down or allow and it requires a lot of expertise that is not available to your average user.
In my case, you can add that I can no longer be bothered with hacking around in a box, I want the damn thing to work so I can get stuff done. Both LS and HO pop up when they have a question, but leave me otherwise to work. Fine by me..
Re: (Score:2)
Actually, configuring ipfw is incredibly simple. Beyond most OS X users probably, but anyone who can install and configure *BSD will not be daunted by the five minutes or so it takes to set up ipfw. :)
But of course your choice is valid and requires one to know or remember alm
Re: (Score:2)
No, he isn't, he just has another approach which is equally valid but does not work for *me*. I often need to use software which I do not have the time to completely assess (and it's not weird fringe stuff, Adobe and Microsoft products are on that list too). The other issue is that ipfw is more network and less application focused, but ipfw is not hard to set up - there are GUIs such as WaterRoof [hanynet.com] and Flying Buttress [tds.net] available if you spend 10 seconds on Google. There is a good intro to OSX ipfw [ibiblio.org] available
Re: (Score:2)
I was building BSD firewalls based on Gauntlet more than 2 decades ago
Your TTL is running out. Packet is about to die!
Re: (Score:2)
The hands-down best firewall for OS X (and other BSDs) is ipfw.
Nonsense, the best firewall for other BSDs is pf [wikimedia.org]. Apparently it's also going to be the best firewall in OS X 10.7.
Re: (Score:2)
You disable it by going into rules and allowing Front Row...what did you expect?
Re: (Score:2)
True enough. You're in a twisty maze, with passages all alike - and your geo-location enabled phone will sell your every move..
Re: (Score:2)
Absolutely serious!
Re: (Score:2)
How can you tell if they're working or not?
If the malware is subverting ZoneAlarm (easy enough to do) then your sense of security could be completely false.
The ONLY way to spot unwanted outgoing connections is with a device external to your PC (eg. another PC on the same subnet running a packet sniffer).
Re: (Score:2)
How do you packet sniff on switched networks? The days of being able to sniff all traffic[1] on a network by having something else on the same network are gone my friend.
You'd need to be running some software on the switch or on the internet gateway, or some other device that sees all the traffic for some other reason.
[1] Yes, you can sniff some broadcast traffic.
Re: (Score:3)
If you want to sniff on switched networks, stop being so cheap.
You'll need a managed switch with the ability to designate a specific switch port as a SPAN or mirror port (http://en.wikipedia.org/wiki/Port_mirroring). This will allow you to monitor any other traffic that is passing through the switch.
Those days aren't gone, they merely got a whole lot more expensive.
In any case, it's more likely that you'd do monitoring at the egress point(s) of your private network, not on a particular switch.
Re: (Score:2)
If you want to sniff on switched networks, stop being so cheap.
You'll need a managed switch with the ability to designate a specific switch port as a SPAN or mirror port (http://en.wikipedia.org/wiki/Port_mirroring). This will allow you to monitor any other traffic that is passing through the switch.
Those days aren't gone, they merely got a whole lot more expensive.
In any case, it's more likely that you'd do monitoring at the egress point(s) of your private network, not on a particular switch.
Luckily I don't want to sniff stuff on a switched network, although the comment I was replying to made it sound like it was possible to do it by simply sticking another PC on the network. We both know that's not the case.
Your comment is happily covered by my "You'd need to be running some software on the switch or on the internet gateway, or some other device that sees all the traffic for some other reason."
Re: (Score:3)
Those days aren't gone, they merely got a whole lot more expensive.
I don't think a few hundred dollars for a 48-port switch is "a whole lot more expensive". Although they are around $500 each in general, I bought a pair of brand new Netgear GS748T switches on sale for $500 total. There is also a 24-port version for less than $300.
They fall into the class of "smart switch", although they are closer to being "managed" in their feature set. One of the features is being able to set up a port to receive all traffic on other ports. The best part is that it's fairly config
Re: (Score:2)
Technically, you could set up a Linux gateway fairly easily and you can tcpdump all traffic going through it. All you need is two ethernet ports on a spare/old PC. I know I have a few old motherboards laying around that have two Ethernet ports on them. (Well...this is Slashdot. How many of us don't?)
So the expensive part is really just setting up the machine to do it and you could just remove it when you are done.
(This is what I assume the GP was talking about when they stated: "You'd need to be running
Re: (Score:2)
Yep, that's certainly one option. And it's more than just "another PC on the same subnet running a packet sniffer". Do any home-grade ADSL / Cable devices support it? Maybe with some of the open firmware solutions?
Re: (Score:2)
thank you for reminding me i do have a 10/100 hub somewhere :)
i was going to dig out a couple of wireless cards since i'm using one of my routers elsewhere but that will do nicely
Re: (Score:2)
You sniff it at the firewall, which in my case is a full-fledged Linux box. Want to talk on the internet in my home, it goes through that box. I could care less usually if my phone is talking to my desktop...
Re: (Score:2)
For 10/100 use an old hub or passive network tap, for gigabit use a monitor port on a managed switch or a computer acting as a bridge to intercept and process between devices. You can put this between switches to get all traffic on a particular unmanaged switch or between the gatew
Re: (Score:2)
No I wasn't kidding, but apparently, I wasn't clear either.
I know how you intercept traffic on a switched network - but the person I was replying to didn't appear to do so. It's not been a case of 'just sticking another PC on the network' for quite a while now.
Re: (Score:2)
Apparently you don't know how to intercept traffic. Go look up arp spoofing. Not as good for many reasons as a switch that will do port spanning but it would be fine for just monitoring a desktop from another one for a few minutes.
Re: (Score:2)
Buy a better switch or use arp spoofing.
Please tell me you do not work in this field.
Droidwall already did a good job at it (Score:4, Informative)
Not dynamic, but allows you to set up white/black lists of applications to access 3g or wifi network.
Does a good job. You just have to remember to add new apps to the white list if you want to allow them access to a network.
http://code.google.com/p/droidwall/
Re: (Score:2)
I'd say DroidWall has been out at least a year. It has done so far an effective job at keeping apps from phoning home.
It would be nice to have a utility that offers the ability to keep apps away from the ability to get GPS info, either coarse or fine. This way, an app can do what it needs to, but when phoning home with whatever info it can find, it will either get the coordinates of some random place, or none at all.
Re: (Score:2)
Correct- you'd have to disable saving GPS points in the EXIF data. However, blocking the network request when the app phones home would be sufficient.
To the parent's point, I would love a sandbox that surrounded each app with a configuration for each permission it requested. So the app could say "I need permissions to read GPS data, write SD contents, read browser history, etc" and I could happily install it knowing my sandbox would return empty/random/fixed data for those API/system calls.
Re: (Score:2)
Agreed that a "read from sdcard" (read_external_storage) permission should exist.
However, the write_external_storage permission exists since API level 4 (android 1.6). Previous OS versions implicitly allowed that permission.
http://developer.android.com/reference/android/Manifest.permission.html#WRITE_EXTERNAL_STORAGE [android.com]
http://developer.android.com/guide/topics/data/data-storage.html#filesExternal [android.com]
Technically, your camera app could mark the files private to only itself; then you'd have to use it to view them (no
Re: (Score:3)
I've been using Droidwall for quite a while, and I'm going to keep using it for one primary reason - you can choose whether to allow apps access over wifi, 3g, or both. I'm mainly interested in limiting what apps do when I'm using mobile data.
I really hate that it doesn't pop up a notification when it blocks something new, though. Every time I install a new app I forget to enable it in the Droidwall settings, and it sits there not able to connect until I remember.
In fact, the whole interface for Droidwall i
Meh... (Score:2)
Which is why i like my mobile phone to remain a mobile phone and not a mini-computer subject to the same problems that plague PCs. We already have malware and other crap for mobile devices and the need for firewalls.... bet the anti-virus companies are wetting their pants over the move from mobile phones to mobile computers.
If i find myself in an emergency situation i'd like to be sure my mobile phone is working and not suffering from a plague of outbound traffic sending spam to half the world.
Re: (Score:2)
Bad coding is ubiquitous on all devices running any software. Remember that these are consumer end devices and not scrutinised in the same way as, say, military software is.
Oh, wait... [slothmud.org]
Re: (Score:2)
Which is why i like my mobile phone to remain a mobile phone and not a mini-computer subject to the same problems that plague PCs. We already have malware and other crap for mobile devices and the need for firewalls.... bet the anti-virus companies are wetting their pants over the move from mobile phones to mobile computers.
So you still have an analog mobile phone? Do they still make those? ;-)
Seriously; all digital phones are small computers. If one has a UI that only does phone calls, that's fine for customers that want that, but inside, there's still a cpu chip and a pile of software. It may be slow and have not much memory, but it's still a programmable computer. With a phone-only UI, it really just means that you have no way of discovering what other software the vendor might have filled it with.
One of the other
Only for Nexus (Score:1)
It's only available as a 0.3 Beta for Nexus S and Nexus 1.
The Installers are only for Windows 7 (64Bit) and Linux 64Bit (and OSx).
It's a great idea. If it continues to be free, I'll install it when it becomes available for my HTC...
Re: (Score:2)
It's 85Megs (windows x64 installer).. unless they cut out a lot of standard apps as well, I think there's something else to it. Maybe I'm wrong and it is just a custom done ROM, as I'm used to the Galaxy S ROMs (which typically are 130-200MB)
Re: (Score:2)
I got to your comment and was pretty disappointed. My fault for trusting a Slashdot headline, but "Droid" is a particular line of Android phones from Verizon (the kind I have, incidentally.) So I guess this is useless to me.
Thanks, guys, for your lovely reporting.
iPhone App (Score:3)
Excellent news for Android users. I guess that Apple would never accept a similar App for the iPhone - it might disturb the user experience.
Re: (Score:2)
And that user experience will stop this being useful for anyone except the geeks. Once you click the "allow" button with the "always do this from now on" tick box checked, then your app leaks data for ever. You may legitimately want super-whizzo-local-knowledge-app to know your location when you use the app, but not so much when it's hidden away in the background (or otherwise not immediately in use).
This is a good step forward, but I doubt it'll solve the problem entirely.
Re: (Score:2)
Also, if an app that doesn't do anything nasty has access to items, who knows if a future update pushed out with more malicious code may affect people. A lot of people automatically update their devices, and the SMS archiver that works perfectly with the v1.0 copy is spamming contacts at random with the 1.0.1 rev.
Re: (Score:3)
I guess that Apple would never accept a similar App for the iPhone - it might disturb the user experience.
That's true, but there's one available in Cydia for jailbroken phones. Called Firewall IP [saurik.com], it works pretty well.
But, Android is for advertising... (Score:1)
The issue with Android is it is an advertising platform. But imho with a strangely bad implementation... At least in hindsight.
I like my HTC, but sincerely hate all the programs that "require" full internet access. The reason given is ads, which I am often alright with: I get stuff "for free" that I don't care enough to pay for (games, rarely used tools, apps I can easily live without). The problem is one never knows what else they use this unrestricted access to. Much of this doubt could be removed if Goog
This shouldn't need to exist (Score:1)
Re: (Score:2)
This is something that's always bugged me on my android, every time you install an app it lists which permissions it requires, and then gives you the choice of allowing them all, or not installing the app. Why can't I choose to allow/deny any one of those permissions for any app?
Why can't I say, yes I want the app, yes I want it to access my SD card, yes I want it to take pictures, no I don't want it reading SMS messages, no I don't want it accessing the internet.
Let the apps ask for whatever permissions th
Re: (Score:2)
It would be rad to pick and choose. And even if the apps are programmed poorly that they require access, the android OS could supply some API/system calls with your choice of random/empty/fixed data. E.g. an app wants Fine GPS access, but doesn't need it for anything but advertising. Great, just feed it the south pole every time it asks.
Please port this to Linux A.S.A.P. (Score:5, Insightful)
> "It monitors all outbound connection attempts by applications and the operating system, and asks users to permit or block any URLs and port numbers that are accessed."
Excellent. + 100 this is the way things should be !!!
I've been yammering on about this for ages now without being able to get any Linux devs interested. As far as I'm concerned without such a feature Linux is a dead duck as far as being an operating system suitable for the home user. I've stopped putting Ubuntu on people's machines due to the complete lack of such a firewall. And no. IP tables and Firestarter etc. are not the same thing *at all*.
The end user should always be given the final decision before *ANYTHING* on the computer is allowed internet access. This single feature of the Zone Alarm firewall on Windows has allowed numerous "non computer savvy" friends and relatives to realise they have a problem well before malware has been able to phone home. Not to mention blocking all the crappy "auto updaters" and other such crap that idiots have started putting in their Windows apps.
1 The people who write Zone Alarm for Windows get it.
2 Moxie Marlinspike gets it.
3 The Linux devs simply do not get it. They seem to believe we live in Magic Fairyland where no program would ever do anything malicious and anything should be able to connect out without the user knowing about it. "But we're only fetching cover art/some other stuff". No you're reporting information to a third party that I do not wish sent thank you very much.
Without this simple feature your computer is simply a digital spy silently allowing any program to send any information it wants anywhere in the world.
Totally unacceptable in 2011. All machines should have firewalls that allow the user full control of what applications are allowed to talk to the local network and/or the internet.
Re: (Score:3)
While I agree with you on principle, I think in practice these types of programs bring a lot of grief.
I once visited the house of a friend who was having trouble connecting to the internet. Turned out ZoneAlarm (or a similar program) popped up a dialog asking if he wanted to block Windows networking (not by that name, but the library which controls it) and he said yes.
Of course there are ways around that. For example, the firewall program should've had networking whitelisted, but even then people will try a
Re:Please port this to Linux A.S.A.P. (Score:5, Interesting)
Considering there's nothing as feature-complete as IPtables on Linux, I think your best bet is to learn that rather than rely upon some limited GUI interface.
I think you just underscored his point of linux not being usable for a desktop. Modern desktop should NOT, EVER rely on command line interface for anything aimed at end-user if it is to be usable.
There is a reason why we don't use rotary diallers in smartphones. There's a reason why we don't use command line interface on average home desktop machines (and no, your home machine is NOT average by any margin any more than a rotary dialler phone is if it's using linux).
Re:Please port this to Linux A.S.A.P. (Score:4, Insightful)
As far as the "not usable" BS, really who cares? Competent people use *nix, most people are not competent. It's old news, and I really don't care what you use, frankly. Just trying to be helpful...
Re: (Score:2)
And you can crow on about power all you want, users need ease of use. People are not experts in all devices and cannot be expected to be. Neither are you, for that matter. I'm sure in short order I could find many devices you use that you have little understanding of how they work, and that an easy to use interface is important to your like of the device.
The attitude that everyone should be "competent" and willing to be a tough guy with computers is silly. No, things should be made easy for humans. The poin
Re: (Score:2)
It won't be going away in the next fifty years, and may still be with us in a thousand. Users who think "the computer needs to learn me" rather than the other way around will always have a low ceiling on their competence level and will always be frustrated.
Are you competent in what to do when your car doesn't work as it should? Are you competent in how to fix your refrigerator? Your oven? Your piping? Toilet? Carpentry? Windows (physical ones)?
You are a professional in a narrow field of computer sciences. You are a user of massive amount of other appliances that you have NO COMPETENCE whatsoever in. By your logic, cars should still require you to be a certified mechanic, like it used to be in 1930s, you should not have any plumbing at your home if you don't k
Re: (Score:2)
It is for all you helpless people who don't like to learn anything.
Re: (Score:2)
A push button dialler has _more_ functionality than the older rotary dialler (at least additional items "#" and "*")
The transition from rotary->push button is simply one of mechanical reimplementation, not of simplification.
Now we have address books, how would people feel if you _only_ had address books, you couldn't add any new numbers you could only choose from the numbers that were somehow "blessed" by your telco or phone manufacturer. That is a more accurate comparison to the iPodification of tech.
I
Re: (Score:1)
> Modern desktop should NOT, EVER rely on command line interface for anything aimed at end-user if it is to be usable.
Oh, BS. This mentality is why the internet is the spam infested cesspool that it is. As long as we cater to people who refuse to learn things, who are proud of their stupidity, there will always be the kind of problems we see today.
Thirty years ago everyone using personal computers was using the command line because _that is all there was_. Have people become dumber since then? I doub
Re: (Score:2)
CLI = granular control, GUI is inherently less granular.
Most end users don't need granular control, they need to be given simple sets of choices.
Re: (Score:2)
Did you know that most young kids in fact DO NOT KNOW HOW TO USE A ROTARY DIALLER as they never have come in contact with one? They end up trying to press numbers in assumption that these are buttons.
Rotary dialler is a significantly more complex device than a keyboard, and a lot less intuitive.
Re: (Score:1)
You are of course absolutely correct... Except you are missing who-is-who: You are not the end-user. You are the product! :-)
Advertisers are the end-user, they pay for your apps, for your Gmail, and for each and every search you do on Google search... Your phone is just an extension of this package.
I still agree with you and think Google have made a horrible implementation in Android: We SHOULD be able to deny an app full internet access. The app should still function, but just get a "not connected" excepti
Re: (Score:2)
No, they should not. That's the problem with android in a nutshell -- it's TiVo-ized Linux turned into an advertising platform, provided to you via your carrier and a ginormous advertising company. Do not want.
Technology already exists ... (Score:3)
On linux we have AppArmor, we have possibility to distinguish PIDs in ip tables (already used for traffic shaping by Peer-2-peer aficionados), ...
The problem is not the technology, the problems are different :
- The main one is the interface. Someone has to write something which is user-friendly enough.
- The other problem is the massive amount of executables existing on Linux. ZoneAlarm works well on windows, because of its rather monolithic structure. There aren't that many processes needing to be controlled.
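The per-application attribution this thread keeps returning to, as an added example that is not part of any comment here and is not WhisperMonitor's or DroidWall's code: on Linux and Android the kernel records the owning UID of every TCP socket in `/proc/net/tcp`, so a monitor can map outbound connections to an app and compare them with an allow list. The sample table, the UIDs and the policy below are constructed, and a little-endian host is assumed.

```python
"""Attribute outbound TCP connections to their owning UID from /proc/net/tcp."""
import socket
from typing import Dict, List, NamedTuple, Set, Tuple

# Kernel state codes for sockets that have a real remote peer.
# ESTABLISHED also covers accepted inbound connections; SYN_SENT is
# always an outbound attempt still in progress.
OUTBOUND_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT"}


class Conn(NamedTuple):
    uid: int
    remote_ip: str
    remote_port: int
    state: str


Policy = Dict[int, Set[Tuple[str, int]]]


def decode_endpoint(field: str) -> Tuple[str, int]:
    """Decode 'HEXIP:HEXPORT' as printed by the kernel.

    The IPv4 address is printed in host byte order, so on a little-endian
    host (x86, ARM; assumed here) the bytes are reversed before formatting.
    The port is plain hexadecimal.
    """
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
    return ip, int(hex_port, 16)


def parse_proc_net_tcp(text: str) -> List[Conn]:
    """Return connections with a remote peer, tagged with the socket's UID."""
    conns = []
    for line in text.splitlines()[1:]:      # first line is the column header
        cols = line.split()
        if len(cols) < 8:                   # malformed or truncated row
            continue
        state = OUTBOUND_STATES.get(cols[3].upper())
        if state is None:                   # LISTEN, TIME_WAIT, ...
            continue
        ip, port = decode_endpoint(cols[2])  # cols[2] = rem_address
        conns.append(Conn(int(cols[7]), ip, port, state))  # cols[7] = uid
    return conns


def violations(conns: List[Conn], policy: Policy) -> List[Conn]:
    """Connections whose (ip, port) is not allowed for the owning UID.

    A UID missing from the policy is treated as 'deny everything', which is
    the default a per-application firewall would want for a new app.
    """
    return [c for c in conns
            if (c.remote_ip, c.remote_port) not in policy.get(c.uid, set())]


# Constructed sample in /proc/net/tcp layout (not captured from a device).
# Row 0: root listener; row 1: uid 10052 -> 192.0.2.10:443 established;
# row 2: uid 10077 -> 192.0.2.34:80, SYN sent.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0F02000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10052        0 1002 1
   2: 0F02000A:C351 220200C0:0050 02 00000001:00000000 01:00000064 00000000 10077        0 1003 1
"""

# Constructed policy: only uid 10052 may talk, and only to one endpoint.
SAMPLE_POLICY: Policy = {10052: {("192.0.2.10", 443)}}

if __name__ == "__main__":
    for c in violations(parse_proc_net_tcp(SAMPLE), SAMPLE_POLICY):
        print(f"uid {c.uid} -> {c.remote_ip}:{c.remote_port} ({c.state}) not allowed")
```

Polling this table only observes connections after the fact; blocking them needs a kernel hook such as the iptables owner match the comment above alludes to.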
Making my self clear ... (Score:2)
Something like ZoneAlarm on Linux would produce a metaphorical Zerg-rush of pop-ups.
You're exaggerating hugely and even then it'd only be for a short period. Then you'd have a decent profile and could forget about it.
How could you be sure that all the users, including the "grand-ma/grand-pa" type of user will take time to properly configure all this stuff ? And won't simply get the habit to always "ok"-click-through everything ?
(Well, in the special case of a Linux distribution, one might expect that nothing abnormal will happen during the first few weeks. The only applications asking for network access will be the networked application. Picture-displaying application will remain off-line, and if a couple of months late
Re: (Score:2)
Can SELinux do much/most of what you're asking? The SELinux "sandbox" utility has some examples of restricting network access on an application-by-application manner.
For example, this firefox can access the internet:
sandbox -X -t sandbox_web_t firefox
and this one can't:
sandbox firefox
If you set up selinux policies that restrict most applications by default, it should cover that "cover art" use case you mentioned.
Re: (Score:3)
Uhm, wrong. A hostile userland program that can execute arbitrary code has ALREADY WON. There's nothing a "personal firewall" can do. Even if that firewall of yours would look at which process started the connection, there are many, many ways to control a process that is allowed. Both on Unix and on Windows.
You'd need a sandbox of some kind: a virtual machine, a separate user who can't directly access the network, a quasi-user (like a selinux role), etc. On Windows, even separate users are not enough if
Re: (Score:2)
The Linux devs simply do not get it. They seem to believe we live in Magic Fairyland
I don't think you get it. Who is "they"? Linux isn't a brand and it's not a company. There is no such thing as "The linux devs" except the linux kernel developers. There's literally thousands of different unrelated teams working on linux packages. Frankly I have no idea who you're talking about. Linux has the support for what you're saying, someone just needs to develop it. There are/were developers for a similar tool, maybe you should talk with them. If they ever got somewhere good, maybe they'd be
Re: (Score:2)
I get it.
They get it too.
The end user
They don't get it.
The problem is the end user will scream bloody murder if they have to do anything to get access to their precious pron and emails. If they have to think for them
This (Score:3)
What happened to "appliances"? Set it and forget it?
Now it's going to be Windows all over again:
My phone's too slow, buy another one.
-reinstall OS
-upgrade OS
-install antivirus
-check for rootkits
Re: (Score:1)
you don't have to buy a "smart" phone, you know that right? Personally, having had one for a year, I would NEVER go back. The convenience of a "pc" in my pocket outweighs the annoyances 1000 to 1 ...
Re: (Score:1)
Very few devices are locked down completely. It's pretty much just the "Droids" (aka Motorola). SGSII was rooted just days ago (before US release...) and it does not have a locked bootloader iirc. HTC has, I believe also promised not to lock their bootloaders.
There are quite a few really good phones out there that can still have ROMS flashed on them. Just hit up XDA before buying your phone (or check the CM7 compatibility lists).
DroidWall (Score:2)
While it is less detailed and has no popups, it is open source and works rather well:
http://code.google.com/p/droidwall/ [google.com]
The main difference being that DroidWall is all or nothing.
Currently only for... (Score:1)
Not just good against malware (Score:2)
I (still) have a Nokia Symbian based phone and turned off all email updates, GPS map updates etc before going on a trip to China. After one week I got an SMS warning me of large "roaming charges" despite only using the phone for sending a handful of SMSes. Either I missed some automatic update/sync that should have been turned off (unlikely) or the phone checks/updates something which can't be turned off.
Either way, a firewall application would have helped me to:
A) Be sure the phone isn't auto-doing anythin
Re: (Score:2)
I don't know about Symbian (or whatever OS you had running in your Nokia), but Android, and I believe iOS has an option to disable the data connection as soon as the phone begins roaming.
That checkbox is checked by default in Android, and if you try to uncheck it, a dialog box pops up explaining that you risk very high data rates while roaming.
Only works for Nexus. Need desktop, too (Score:4, Insightful)
FTA, only has installs for Nexus One and Nexus X, and installer comes in Windows, OSX, and Linux... and it looks like they're all 64bit installs only. Very limited. And there is DroidWall, which is available on the market, but I believe you need a rooted phone (which is probably true for any decent firewall). I use DroidWall and it's fantastic. It lets you choose to allow not just an app, but how it connects. You can, for instance, block Pandora on 3G, but not Wifi.
Re: (Score:2)
That's because it replaces some of the android OS, and it needs a desktop installer to unlock the phone and push the files over adb.
There is also no uninstaller at the moment - you have to reflash the original ROM.
Android in dangerous waters (Score:2)
If google doesn't figure out a way to make this unnecessary, it will be a huge advantage for Apple, because their "walled garden" reduces the need dramatic
Re: (Score:2)
Google has too much at stake for Android to get known for malware.
Malware on Android is rare. Otherwise, if malware were common, you would hear screaming from friends and friends of friends almost everywhere.
Take Windows, if it isn't a friend, it is a friend of a friend, or an acquaintance of a friend who has an infected machine. Android is nowhere near this point yet. If one person gets their phone infected, they will be telling everyone they know, so word would get out. As of now, there are rumors abo
Now it just needs anti-virus (Score:2)
Re: (Score:2)
They'll worry about the privacy of the Small People after they deal with those pesky phone-company-killing tetherers [slashdot.org].