Similar Firewall solutions

Index

• Similar Android Firewall solutions
• Non-root Firewalls

Similar Android Firewall solutions

Generally there are seven categories of Android firewalls available:

• Firewalls which uses a local VPN for traffic filtering (Dr. Web Anti-Virus,[...])
• Firewalls which use a separate own VPN (Android doesn't allow to use two VPNs together the same time) like Opera's Max/Turbo feature to compress/reduce the web traffic (if it's enabled the firewall may not work)
• Firewalls which using iptables, like AFWall+, Droidwall, Avast,[...]. Iptables (netfilter) will be called to execute e.g. the NAT table.
• Firewalls which using a local HTTP proxy (or integrate it in Android's VPN) like AdAway, AdGuard,...
• Browser or app related firewalls, like NoScript, Bluetooth Firewalls and such, which basically only blocking specific functions and not the traffic itself.
• Dynamic egress filtering: Monitors all outbound network traffic and issue dynamic prompts (on-demand) in order to determine egress filter rules. The rules are defined per application.
• Application-Layer Firewalls (all outdated), they using the Android Framework to block app requests.
• XPosed hacks to intercept directly on the OS layer (e.g. LightningWall). This doesn't need any iptables or additional scripts since the xposed framework provides the hacking ability's.

IPTables based:

• Builtin iptables (no GUI, but can be controlled via external scripts any Terminal Emulator app or ADB)
• Android Firewall & Source [removed from Google Play Store!]
• FireWall Plus & Source [removed from Google Play Store!]
• Firewall Gold
• 3C Toolbox aka Android Tuner
• DroidWall deprecated
• Avast Mobile Security & Antivirus & Forum
• LBE Privacy Master
• Advanced Firewall

NFtables based:

• nfwall (POC, will be uploaded if nftables hidds a stable stage)

Anti IMSI-Catcher (protects against IMSI/StingRay-Catchers and Silent/Stealth SMS):

• Android IMSI-Catcher Detector (AIMSICD) & Source (same link) + stingraymappingproject.org (site to show which information are collected by AIMSICD)
• SnoopSnitch + F-Droid + GSMMap Global Database
• Darshak & Source

Bluetooth Firewall:

• Bluetooth Firewall

Browser based Firewall (takes control over JavaScript,...):

• Firefox NSA NoScript Anywhere

VPN/Proxy based:

• LostNet Firewall
• Grey Shirts NoRoot Firewall
• Dr. Web AntiVirus + Firewall
• Kaspersky Internet Security
• Comodo Internet Security
• NetGuard (open source) from XPrivacy Author

Xposed based:

• LightningWall
• PeerBlock & Source + trusted blocklist's

Proxy based (incl. iptables):

• Shadowsocks + Source deprecated due censorship + Story

Real-time iptables logging:

• Network Log

Internet Diagnostic:

• Network Monitor
• RouterCheck

Dynamic egress filtering: (links aren't working - it's only for historical reasons)

• WhisperMonitor deprecated
• SnoopWall deprecated

USB: (not really a firewall but monitors the usb host)

• Android USB Serial Monitor Lite & Source deprecated

Application-Layer Firewalls:

• NullWall deprecated
• DroidGuard deprecated
• Lavender-Firewall, it's an hybrid that works on Linux and Android deprecated
• AndFire deprecated
• FireBlocker deprecated

Non-root Android Firewalls

All of these firewalls working with a local Proxy/VPN service, which means that they not working with IPtables like AFWall+. They only work on a app-layer size which fake a VPN connection, means the rules are applied on the VPN servers and not on the Android OS. The VPN package will be created to monitor incoming and outgoing traffic (which not need root access). The biggest problem is that such VPN services not work with WiFi tethering or hotspot's. And another con is that you can't run other VPN services and VPN/Proxy's apps at the same time together.

We not recommend to use any no-root firewall for above reasons, there are others too e.g. see an German article:

• NetSpark/Mobiwol NoRoot Data Firewall
• NoRoot Data Firewall

Final version 01.23.2016