How to Use a Firewall to Control Web Access for Apps & Stay Private on Your Nexus 7
Apps that have no business accessing the internet can share your location, device ID, and other personal information with potentially malicious data snatchers. If you're connected to the internet on your Nexus 7 tablet, you're a potential target for cyber threats.
For instance, the developer of the "Brightest Flashlight Free" app gained notoriety last year for maliciously accessing and sharing users' device and location data to advertisers without proper consent. Who would think a flashlight app would even have to connect to the internet?
One way to minimize these types of apps from stealing your data is by using a firewall, which lets you monitor which apps are trying to access the internet. Having this knowledge gives you the power to decide if an app needs access or not. Your banking app definitely needs to connect to the web, but something's up if your calculator tries to get online.
Google did provide a way to monitor app access with App Ops, but removed the functionality in Android KitKat. We were able to get around the removal, but it required root and an Xposed mod. There are similar apps, like DroidWall, that let you control what accesses what, but they also require root access.
Now, there's an easier way to keep track of potentially malicious apps without rooting, and it's called NoRoot Firewall, which notifies you whenever an app is trying to access to the internet. You can also create filters based on IP address, hostname, and domain name, depending on your preferences.
When you first open it up, you'll need to tap Start and also check Auto Start on Boot, unless you want to manually activate every time.
Unfortunately, per the developer, the LTE aspect is not functional yet, but hopefully will be soon. But that's okay, since the majority of you probably have the Wi-Fi only versions of the Nexus 7.
NoRoot Firewall works by creating a virtual VPN (virtual private network), sending all data requests through the app rather than directly to the internet. This means that anytime an application is attempting to access the web, you'll receive a notification. Then that app will be placed in the Pending Access tab where you can either deny or approve it.
There are some apps that you already know will always have access, like your web browser. In order to remove the requirement of constant approval, go into the Apps tab, locate the application, and tap the Wi-Fi columned box to set a green check for constant access. To deny access to a particular app, tap again and it will be marked red with an X sign.
It's important to note that whatever restrictions you set must be removed before uninstalling the firewall. Forgetting to do so will keep restrictions on until you shut down and restart your device.
If you're interested in specific information, like which apps have gained access or have been denied, go to into the Access Log tab. You will be able to see the date and time of activity as well.
The app provides an option to input custom filters, allowing you to block access based on IP address, host name, or domain name. These are used mainly to block specific ad sources, like AdSense and AdMob. To use this setting, you must first know the address to block.
"Pre" and "post" simply refer to whether these filters will be applied before or after the apps rules you've established. Personally, I haven't found an occasion where this setting is necessary. Again, it's very specific to certain domains; while we cannot list these domains, you can find lists for them by searching for the specific ad network you're trying to block.
While the app is fairly new, it is very promising. Remember, this is the first firewall app of this kind that does not require root access. Look for future updates to address LTE compatibility and to come with sample filters. But until then, stay safe out there!