Skip to main content

First Dynamic Firewall for Android Released

Security researcher Moxie Marlinspike has released a public beta of WhisperMonitor, the first-ever dynamic firewall for Google's Android operating system. The software monitors network traffic leaving the Android device and asks the user for instructions to determine filtering rules. Unfortunately, it's only available for two Android phones: the Nexus S and Nexus One.

"WhisperMonitor provides a software firewall capable of dynamic egress filtering and real-time connection monitoring, giving you control over where your data is going and what your apps are doing," Marlinspike said. "When enabled, WhisperMonitor will monitor all outbound network traffic and issue dynamic prompts in order to determine egress filter rules."

The software provides a simple interface to modify or update rules defined by application. It will also (optionally) record the connection history of the apps installed on the Android device, showing the user where it's going online and how often. This should help ease the minds of many Android users who aren't sure if their installed apps are secretly accessing the Internet and relaying their private information.

The firewall arrives just after Microsoft, Apple Google and other companies have come under fire for using tracking solutions in their mobile operating systems. Last month the US House Energy and Commerce Committee sent out notices to the accused parties, asking about their privacy protocols including the possibility of passing on private information to third parties, how location data is stored, how users are notified about data tracking and other inquiries.

"The same technology that has given us smartphones, tablets and cell phones has also allowed these devices to gather extremely sensitive information about users, including detailed records of their daily movements and location," said Senator Al Franken, chairman of the new subcommittee.

Responses from Apple, Google, Microsoft, Nokia, Research in Motion and Hewlett-Packard are expected to be returned by May 9.

In the meantime, paranoid owners of the Nexus One and Nexus S can download the new firewall for free here. There are three versions: a 64-bit Linux installer, an OS X installer, and a 64-bit Windows installer. Coupled with an antivirus solution like Lookout, the new firewall should offer better control over what goes in and out of the device's wireless connection.

Support for more devices is coming soon, Marlinspike said.