Privacy Guides didn’t like my question, so I thought i would ask here. There have been a few posts recently about how much data Android leaks and I was wondering if this is the case when using a VPN with split tunneling and a kill switch?
In my case, I just have my (non Google et al) email, browsers, banks and Signal allowed to connect, and the rest should be blocked by the kill switch. Is this an effective way to prevent the data leakage? I know I should use another OS, which I will do when I’m in a position to wipe and reset my device, but for now this has been my solution.
A better solution would be to use a firewall and block access to the internet from those apps you don’t want connecting. I use AFWall+ on my rooted Android, together with Adaway hosts file blocking to disable apps internet access and block ads and tracking.
It does not however block apps from reaching the internet altogether", you are saying that the kill switch doesn’t block apps from reaching the internet?
I’ll have a look for a firewall app thanks, it’s the solution I use on my desktop and that works well in controlling exactly what can connect.
EDIT: Ok thanks I’ve done a bit of research and I get what you mean; for a non-rooted phone it isn’t possible to run one of these firewall apps plus a VPN because of the mechanism used to act as a firewall.
Thanks for the advice on AFWall+; it seems that all non-rooted solutions require the use of the Android VPN mecahnism in order to function, and so cannot be run along with a VPN → the only solution is to use a rooted device and an app like AFWall+ which uses iptables to function.
I haven’t been able to find more information on the Android killswitch unfortuantely - it would be good to know what data is actually able to leak out of my current setup, if only for my own curiosity and understanding now.
I’ve used it for years and I know that the apps I block can’t connect to the internet, but I just wonder if there are some background services that can’t be selected in the split tunneling that somehow are able to still connect, for example things that don’t come up in the app list when selecting what to tunnel.
One trick I’ve used is to setup a work profile using Shelter (available in Fdroid)
You can “freeze” (hibernate) all apps in the work profile that aren’t being used which de facto keeps them from accessing the web
Turn on your VPN inside the work profile, then use Netguard to prevent apps on your main profile from reaching the web (you can even block system apps)
This is the only semi workaround to rooting your device. Technically you aren’t running two VPNs because the work profile is effectively treated as a second device
Using Android without root is like trying to use Linux without sudo. Rather pointless. Root access gives you so much more control over your device if you know how to use it securely.
That’s a great work around and suggestion thanks!! I’m not quite ready to root this device and being able to implement this now is most helpful - much appreciated!
That’s an interesting analogy and i will definitely see if I can do it without much risk to what I have on their at the moment. Having never rooted a phone I’m somewhat hesitant to do it; it would be ok if i didn’t rely on this device for work.
I need a better understanding of the risks, but i have a feeling a lot of what I have seen is a bit sensationalist, because if it was that easy to brick your phone just rooting it, how do so many people root their devices. I’m relatively computer literate, so I’m not concerned I would do something stupid rather that just rooting the device somehow bricks it.
No problem. Many devices nowadays have been made near impossible to root (look at YOU Samsung)… it isn’t as easy as it used to be back when I rooted my Galaxy S6
I’ve been rooting and flashing custom ROMs for years. I’ve soft bricked a couple phones in the beginning, but I always managed to recover them. Just read the instructions on a few different sites for your specific device to get the general idea and then you’ll be able to guage which instructions are the most accurate and then choose those to follow.