Skip to main content

First Dynamic Firewall for Android Released

Security researcher Moxie Marlinspike has released a public beta of WhisperMonitor, the first-ever dynamic firewall for Google's Android operating system. The software monitors network traffic leaving the Android device and asks the user for instructions to determine filtering rules. Unfortunately, it's only available for two Android phones: the Nexus S and Nexus One.

"WhisperMonitor provides a software firewall capable of dynamic egress filtering and real-time connection monitoring, giving you control over where your data is going and what your apps are doing," Marlinspike said. "When enabled, WhisperMonitor will monitor all outbound network traffic and issue dynamic prompts in order to determine egress filter rules."

The software provides a simple interface to modify or update rules defined by application. It will also (optionally) record the connection history of the apps installed on the Android device, showing the user where it's going online and how often. This should help ease the minds of many Android users who aren't sure if their installed apps are secretly accessing the Internet and relaying their private information.

The firewall arrives just after Microsoft, Apple Google and other companies have come under fire for using tracking solutions in their mobile operating systems. Last month the US House Energy and Commerce Committee sent out notices to the accused parties, asking about their privacy protocols including the possibility of passing on private information to third parties, how location data is stored, how users are notified about data tracking and other inquiries.

"The same technology that has given us smartphones, tablets and cell phones has also allowed these devices to gather extremely sensitive information about users, including detailed records of their daily movements and location," said Senator Al Franken, chairman of the new subcommittee.

Responses from Apple, Google, Microsoft, Nokia, Research in Motion and Hewlett-Packard are expected to be returned by May 9.

In the meantime, paranoid owners of the Nexus One and Nexus S can download the new firewall for free here. There are three versions: a 64-bit Linux installer, an OS X installer, and a 64-bit Windows installer. Coupled with an antivirus solution like Lookout, the new firewall should offer better control over what goes in and out of the device's wireless connection.

Support for more devices is coming soon, Marlinspike said.

  • JohnnyLucky
    It would have been nice if the technology had been available much sooner.
    Reply
  • cknobman
    Wow you have reflash your device with a custom build where the firewall is built in!!!!!

    No app to install or uninstall, in fact if you go to their website they tell you only way to get it off your phone is reflash your original ROM.

    Me thinks Ill wait until something like this is offered in app form that does not require me to flash a custom ROM.
    Reply
  • milktea
    It will also (optionally) record the connection history of the apps installed on the Android deviceThis feature is the real winner for me. :)
    Reply
  • scook9
    Given that this is purely a software feature....why is it only on those 2 phones?!
    Reply
  • jednx01
    It would be nice if they made a firewall that works on all Android phones. This is like McAfee making a new firewall that only works on dell laptops...
    Reply
  • milktea
    cknobmanWow you have reflash your device with a custom build where the firewall is built in!!!!!No app to install or uninstall, in fact if you go to their website they tell you only way to get it off your phone is reflash your original ROM.Me thinks Ill wait until something like this is offered in app form that does not require me to flash a custom ROM.This firewall is basically a Service rather than an Application. So it requires your phone to have root permission to install. That means if everyone wish to use such firewall, Google would need to revamp the Android OS significantly.
    Reply
  • lukeeu
    milkteaThis firewall is basically a Service rather than an Application. So it requires your phone to have root permission to install. That means if everyone wish to use such firewall, Google would need to revamp the Android OS significantly.They would just need to include netfilter in the kernel and write a small program to allow unrooted phones to modify firewall config... and they didn't do it because people would block ads and call support after breaking firewall config... Google sucked all of the fun from linux in android.
    Reply
  • Why are you "Paranoid" just because you want to install a firewall?
    Reply
  • eddieroolz
    If I had owned an Android-based smartphone, I'd probably install it in a heartbeat.
    Reply
  • HappyBB
    Looking forward to this app for my HTC phone!
    Reply