How reliable is the iodeos blocker?

Hi. Could anyone please answer about the reliability of the built-in blocker? In other words, if I installed any app as dangerous as possible (like a Google app, etc.), and if I disable network access for that app for all the network ports (wifi, cell, vpn), can I 100% rely that this app will never be able to send out any data about me or my phone? Or are any app makers smart enough to somehow bypass the blocker?

I am extremely careful about what apps I install (usually just from f-droid) but I am thinking that if I block network access by default for all apps, maybe I can download any app (which does not need network access, of course) I want and not exercise any caution. Thank you

I can’t comment on the technical aspects of the iodé app, but FWIW…

You can also sandbox the app. So if you multilayer the defence it should limit it. I know @rik posted elsewhere about a good way to sandbox apps IIRC (sorry, don’t have the link to the thread or post handy, was on the BraX3 forum I think). Sandboxing will limit further what it sees and interacts with (including what data it might collate), in addition to the controls from restricting network access and blocking it in iodé…

However, one immediate problem I can see is many apps will collate data regardless, so even if they have no internet access they still compile information. They then only need one brief opening in the blocks or firewall to phone home and transmit all that accumulated data to their boss…

It will depend on the specific app, but unless it’s something you absolutely can’t live without, or it’s so essential your life has to have it, I’d just avoid it completely if you have any doubts and/or don’t want it to invade your privacy. Pretty much everything is replaceable…

Essentially the iodé blocker is a “man in the middle” proxy, so all network traffic goes through it. This should be highly reliable, but in a previous life I have had trouble with a similar “man in the middle proxy” running on our office’s firewall getting overwhelmed and then some traffic would slip through. I am not saying the technical underpinnings of the iodé blocker have anything in common here, just noting that it may not be something that would be absolutely impervious to having something slip through.

But if at the app level you deny all network access (“App info > Wi-Fi data usage > Allow network access”) I think this would be more reliable, as it removes the permission entirely from the app.

But as noted by @mycenius, if an app needs some network but you want to isolate it from other apps, and be able to “freeze” it when not running (basically “disable it”), then Shelter (the one I use) or Insular are good ways to do it. They leverage your “work profile” to give isolation, but also again have a few add-on bits like freezing, unfreezing, etc.

1 Like

@schwanz this is the thread where rik posted about Shelter and using a sandbox app with your work profile, etc., to further control apps. It was very helpful for me (it’s on the Discourse BraX3 Community)…:

P.S. Thanks for that @rik, I’m finally in progress setting that all up and will install my less desirable apps this weekend - so it’s been a great help in getting me started on how to do it…

1 Like

Fantastic suggestions. Thank you. So the answer to my question is no. Which is too bad. Hopefully some day IODEos will fix the blocker so it can be 100% trusted (I know that by today’s standard, that is 100% possible). No other methods needed. Wouldn’t that be great? Thank you

I think you didn’t understand. The Iode app is reliable. Until now there is no evidence that says otherwise.
What the others here tried to say is that no software on this planet is 100% bug free. And never will be.
If you don’t trust this app alone you can isolate the Google app further to reduce the risk of leaking information.

2 Likes

Thanks for the reply but I cannot believe that “no software is 100% bug free”. Why would that be? I have many apps which don’t have bugs. Planes and cars would crash if the core apps had bugs. Blocking traffic at a low level with 100% reliability is well achievable to a software programmer, especially an OS maker. I am starting to think that these forums are run by users rather than the programmers of iodeos. I understand they are busy, but is there a way to get an opinion on the matter by an actual programmer of the OS? Thank you

I think it’s meant in terms of exploits, loopholes, vulnerabilities as well as unintentional or buggy process. The reality is it’s near impossible to test and verify and make 100% certain any software package is perfect, has no flaws, and has no way of being exploited…

Random example: When the Space Shuttles flew in the '90s and early 2000s they were still running on banks of dozens of X286 PCs from the '80s because they had been around for long enough that the OS software and applications had been proven to not have any significant or catastrophic glitches…

They could have upgraded to the significantly more powerful Pentium PCs and needed less hardware and had more computing power - but the Pentium Chips originally had a tiny ‘bug’ that meant they made a small error to something like the 20th or 30th or such decimal place. So something like:
.00000000000000000001

Insignificant and home & business users used them gleefully with no issues and often totally oblivious to it. But if you were an Astronaut in the shuttle using Pentium PCs that insignificant error could easily turn your reentry into an unplanned 1-way trip to the moon or beyond…

It didn’t mean the software or computer chips were unusable - it just meant they had ‘bugs’ that might cause an issue in certain circumstances. In that example the bug was identified and known, but there will be untold similar bugs in everything that never get found or identified, or are only found by accident or long after software is released…

I am a developer (not with iodé, as you note I am “only” working with them in a “Community Manager” sort of role), and I would fully endorse this statement. Not encountering a bug doesn’t mean there aren’t bugs for other outside use cases, or potential vulnerabilities not exploited yet. Especially with any software connected to the internet, there is no such thing as fully “bullet proof” software.

1 Like

Ok. Just learned something. Thanks

Note that apps in Android are all sandboxed, at some level or another. (Some system apps that are very integrated are more so system components, so their sandbox may not be as relevant.) It’s why we have permissions. What different profiles allow is separating data that would be shared between these apps, such as contacts, media, apps in that profile (if the app requests the permission), so you can have WhatsApp in a work profile and only have some contacts there that you want it to be aware of, also media, because if you don’t grant WhatsApp media, it won’t let you have or get backups and that kind of thing. Also the ability to pause the work profile and its apps.

In general, be careful of permissions overall. Don’t go granting contacts, media or such to every app that requests it.

If you go into app info and block all network, it shouldn’t be possible, and it being possible would be considered a vulnerability.
The worst thing I can think of that you might see is the system checking some of the app’s domains for links, as Android can go and verify that certain links are indeed for certain apps and let apps open those links, and it has to contact them through HTTPS to check that, but it’s all done by trusted code, so… Also link verification in iodé hasn’t worked anyway, it’s borked in AOSP

1 Like

Yes, no software is 100% bug free… After all, Don Knuth still rewards the discovery of bugs in TeX :wink:
The heart of the iodé blocker is a system daemon nearly independent of the android framework. It deals directly with the linux kernel to filter traffic, being as low-level as possible. In particular, wifi/data/vpn blocking does not depend on anything else. For DNS filtering, some information needs to come from the android framework (domain names), which is captured as low-level as possible.
The user interface just plays the role of configuring the system blocker and displaying statistics, and is not required for the system blocker to work. Communication between both is secured through a selinux policy; no app installed in a normal way can circumvent this, and neither can an app installed by rooting/etc., as it would have to be signed with iodé keys to be able to communicate with the system blocker.
I would say that it is reasonably reliable/secure, but… no software is 100% bug-free!

3 Likes
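The two technical replies above (blocking all network in App info, and the explanation that the blocker filters at the kernel level) both point at the same practical check: rather than trusting the permission toggle or the blocker UI, ask the kernel itself whether the blocked app's UID holds any socket with a remote peer. The script below is an added example, not iodé's code and not a tool the project ships; it parses the real Linux `/proc/net/{tcp,udp,tcp6,udp6}` table format (which Android, being Linux, uses too). The sample tables, the UIDs (10123 standing in for the blocked app) and the addresses in them are constructed so it runs offline.

```python
"""Audit, from the kernel's own socket tables, whether a UID that is supposed to
be network-blocked still has any socket with a remote peer.  Added example, not
iodé code.  The /proc/net/{tcp,udp}[6] format is the real Linux one; the sample
tables below are constructed."""
from __future__ import annotations

import socket
import struct
from dataclasses import dataclass

# TCP state codes as printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}


@dataclass
class Sock:
    proto: str
    uid: int
    local: tuple[str, int]
    remote: tuple[str, int]
    state: str


def _decode_addr(hexaddr: str) -> tuple[str, int]:
    """Decode 'HEXIP:HEXPORT'.  The kernel prints the IP as little-endian 32-bit
    words (8 hex chars for IPv4, 32 for IPv6) and the port as plain hex."""
    ip_hex, port_hex = hexaddr.split(":")
    words = [struct.pack("<I", int(ip_hex[i:i + 8], 16)) for i in range(0, len(ip_hex), 8)]
    family = socket.AF_INET if len(ip_hex) == 8 else socket.AF_INET6
    return socket.inet_ntop(family, b"".join(words)), int(port_hex, 16)


def parse_proc_net(table: str, proto: str) -> list[Sock]:
    """Parse one /proc/net table (header line included); column 8 is the owning UID."""
    socks = []
    for line in table.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8:
            continue
        state = int(fields[3], 16)
        socks.append(Sock(proto, int(fields[7]), _decode_addr(fields[1]),
                          _decode_addr(fields[2]), TCP_STATES.get(state, f"0x{state:02x}")))
    return socks


def audit_blocked_uids(blocked: set[int], tables: dict[str, str]) -> dict[int, list[Sock]]:
    """Return, per blocked UID, every socket that has a remote peer set.  An empty
    dict means the kernel currently holds no flow for those UIDs; the app's
    permission state and the blocker UI are deliberately not consulted."""
    findings: dict[int, list[Sock]] = {}
    for proto, table in tables.items():
        for s in parse_proc_net(table, proto):
            if s.uid in blocked and s.remote[0] not in ("0.0.0.0", "::"):
                findings.setdefault(s.uid, []).append(s)
    return findings


# Constructed samples: UID 1000 is a system process, 10123 the app we assume is
# blocked, 10234 an unrelated app.  10123 holds a TCP flow to 34.216.184.93:443
# and a UDP flow to 192.168.1.1:53, i.e. exactly what a working block must prevent.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F00000A:B2C4 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0F00000A:C3D5 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000 10234        0 12347 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 12348 2 0000000000000000 0
   1: 0F00000A:D64A 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000 10123        0 12349 2 0000000000000000 0
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12350 1 0000000000000000 100 0 0 10 0
"""

if __name__ == "__main__":
    import sys
    # On a device (adb shell, root needed on modern Android) read the live tables;
    # anywhere they are unreadable, fall back to the constructed samples.
    live = {}
    for name in ("tcp", "udp", "tcp6", "udp6"):
        try:
            with open(f"/proc/net/{name}") as fh:
                live[name] = fh.read()
        except OSError:
            pass
    tables = live or {"tcp": SAMPLE_TCP, "udp": SAMPLE_UDP, "tcp6": SAMPLE_TCP6}
    blocked = {int(a) for a in sys.argv[1:]} or {10123}
    for uid, socks in audit_blocked_uids(blocked, tables).items():
        for s in socks:
            print(f"uid {uid}: {s.proto} {s.state} {s.local[0]}:{s.local[1]} -> {s.remote[0]}:{s.remote[1]}")
```

Run it with the app's UID as argument (`dumpsys package <package> | grep userId` shows it); any line printed is a flow the kernel holds for the blocked UID, which is what to investigate. An idle app with no sockets is not proof of a working block, so the useful moment to run this is while the app is in the foreground and trying to use the network.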

That was a very useful explanation. Thank you very much