Some firewalled apps can still access internet sometimes?

Open ignoramous opened this issue 4 years ago • 5 comments

A user says,

> Hello there, some system apps can still access the internet sometimes, even though I have never disconnected from Rethink DNS firewall. Here is the image showing those apps' network usage

I have also noticed that apps that I've blocked have, according to Android, sent meager traffic (within 100 KBs). Maybe Always-on VPN is critical to prevent any such leaks? Or, maybe Android's accounting for the app's DNS / ICMP traffic (RethinkDNS does not block ICMP, celzero/firestack#3, and cannot know which app sent a DNS request, #270, though it could block them if it knew they were sent from a firewalled app).

Interesting.

ignoramous, Sep 10 '21 20:09

Unrelated, but also see: #364

ignoramous, Sep 10 '21 20:09

Hi, I think I have the same issue. I keep getting new mails through Huawei’s default e-mail app, although it’s fully blocked. I cannot figure out why.

pukkancsanyo, Aug 03 '22 09:08

The Huawei email app is a system app. If so, it can bypass the VPN Rethink sets up (and thus the firewall). See: #224

ignoramous, Aug 25 '22 13:08

Thanks for the reply. OK, so that's why it seems to be blocked in the logs (every connection by it listed in the log is red), while it keeps getting new messages. It can make some other connections which are not logged and not blocked either, which is pretty unfortunate in the case of spying system apps. Thanks for all the info.

pukkancsanyo, Sep 13 '22 04:09

> It can make some other connections which are not logged and not blocked either

Yes, but let me clarify: If the Huawei Email app wanted to bypass the VPN firewall, it could. But, does it? That's unclear.

> OK, so that's why it seems to be blocked in the logs (every connection by it listed in the log is red), while it keeps getting new messages. It can make some other connections which are not logged and not blocked either, which is pretty unfortunate in the case of spying system apps.

So: The notifications are usually driven by some other System component (on Google-blessed devices, it is Firebase Messaging Service via the Google Framework Services app) and not the actual app (in this case, the Huawei Email app) itself.

ignoramous, Sep 13 '22 19:09

Also see #544

ignoramous, Oct 14 '22 22:10

Hi, I was about to report an issue about the firewall, but I found this thread, so I didn't. I was wondering how the firewall in RethinkDNS actually works? I am using firewall-only mode and was doing some testing to see if the internet connection is actually blocked, so I looked at the DNS logs (from NextDNS, which I set at the router level): it is still sending requests despite internet access for those apps already being blocked by Rethink. I felt like this is caused by the Rethink stats log that looks for IP countries. Is there a way to disable this?

I already checked the app; it shows no internet connection, but somehow the DNS logs show differently.

Should I be worried about this? It looks like a leak to me.

aykirito, Jul 15 '23 17:07

I did some more testing, this time with NetGuard. It gives similar behaviour to Rethink. Seems like it's normal behaviour, from reading on-demand explained in README rethink#firewall, I guess.

aykirito, Jul 16 '23 03:07

Closing this issue as no changes are required.

hussainmohd-a, Sep 12 '23 08:09