Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Android 4.4 security issues.

Support for cstorm connection questions relating to mobile platforms: Android, iOS, etc. Also: our team is working on stormphone in this area & we'll post public data on that project here as it becomes available. Cheers!
User avatar

Topic Author
acid1c
Posts: 49
Joined: Sat Aug 31, 2013 5:42 am

Android 4.4 security issues.

Postby acid1c » Tue Dec 17, 2013 8:05 pm

As it stands with openvpn for android and afwall+ on android 4.4. the only way I can manage to gain internet access on Firefox and apps is to allow it access to WiFi. meaning it outright ignores the VPN control at the moment.

To me this is a security/privacy threat due to the fact that for any reason the VPN may fall or openvpn for android may force close it will leave you openly exposed at your originating IP.

If there is a way to easily implement manual iptables, I would like to try that when I can.

tmp_Screenshot_2013-12-17-09-51-57-2145238110.png
Bitmessage me with Questions, Help, or ChitChat :) - BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
" Those who do not move, do not notice their chains." -Rosa Luxemburg

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: Android 4.4 security issues.

Postby DesuStrike » Tue Dec 17, 2013 9:39 pm

I have the exact same problem with stock rom and every custom rom based on Android 4.4. Looks like Google AGAIN changed something in a way that breaks security relevant applications. My first beef with Android started when I learned that they changed something that effectively breaks all apps that enforced custom DNS rules. But I get off the point...

Right now I reverted back to 4.3 because I just had it with Google breaking my security concepts. I know this is not the ultimate solution because I miss out on security patches but the whole thing is a giant dilemma and thus I had to make some decision. I'm sorry that I did not bring up this matter myself. This was selfish of me.

Problem is: I don't know any manual way to enforce iptables rules in the way AFWall+ did. AFAIK iptables only know IP-adresses, ports and network devices (like TUN / TAP / ETH / WIFI). So to my knowledge there is no way to create application specific iptable rules. Don't ask me how AFWall+ did that. Maybe it has something to do with busybox, maybe I just don't know enough about iptables.


My suggestion would be to revert to 4.3 for the time being and hope that they find a way to make AFWall+ work like it had before. But don't get your hopes up too much. The DNS problem for example seems to stay for good and I have a bad feeling about these firewall issues.


Other than that I strongly support he request for any still working alternatives that might exist.
home is where the artillery hits

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: Android 4.4 security issues.

Postby Pattern_Juggled » Fri Dec 20, 2013 7:10 am

I'm moving this over to Graze's dedicated smartphone subforum, as there's an upcoming push to staff up and deploy cryptostorm in this ecosystem that will become significantly more active in coming weeks. By grouping all the related discussions in one place, I hope we can pool knowledge and experience more effectively and make faster progress as a result.

As to the question regarding iptables, afaik there's packages for Android that allow native (or native-ish) iptables implementations on Android - but they require phone rooting. I'll see if I can dig up details, but a quick spin through the Play store will likely turn up most of the relevant info.
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Return to “stormphone - the "cryptostorm phone" project [cryptostorm.org/stormphone]”

Who is online

Users browsing this forum: No registered users and 1 guest

Login