This is really interesting! Have been doing something similar myself on my own phone (Android) for about a month using the wonderful NetGuard app (https://f-droid.org/en/packages/eu.faircode.netguard/) which allows one to see the source and destination for each request from all apps.
NetGuard is amazing, really can't recommend it enough.
You can use it to specify which apps are allowed to use WiFi/data, and whether they're allowed to use all the time or only if screen is active. It also allows you to set a hosts file URL and update it with a single click. It has improved my battery life, I rarely see ads (both when using the browser and when using apps), and it forces me to use old.reddit.com since reddit.com is blocked by my hosts file.
Without root there's no other way to route all traffic and Android doesn't allow chained VPNs.
It's an excellent app, source code is on GitHub, eventually ended up paying for it. There are far too many apps and system binaries dialing out, it's funny to watch in realtime. What's more amazing is how nothing breaks even when you lock down everything but the few things that need it. Blocking is fine grained and you'll have to scroll through a massive list if you choose to view system apps, but quite happy overall.
Main benefit of the paid option is pcap files. Free version does everything most will want. It's on F-Droid.
I'm seeing potential for VPN providers to bolt this reporting on as a regular service. Maybe this is already set up in things like Streisand? Honestly, more and more people need to have the ability to administer their phones this way - for too long, it's been a black box.
(If we still had real OS vendors, it'd be handy if this were built in to the OS, duh...)
re: opening up Safari on the iPhone 'any website you have in your bookmarks can track that' I assume that's because it's checking/refreshing favicons? If that's all it is there's nothing nefarious about it but he sure is opaque in his statement.
Owner of jailbroken & firewalled iPhone(s) for many years here.
"Safari" is the app that does the browsing.
"com.apple.Webkit.networking" is the app that works in the background doing things like the icons refresh. Some other applications also use this "channel" (app) to reach out, and I usually have it on "Deny all". I like it better when apps do their own connections and don't hijack the "backroads".
The only two reasons I jailbreak ALL my idevice(s):
a. Firewall IP
b. Protect My Privacy (PMP)
You literally have no idea what goes in the background when you install and run an app if you don't spy on your phone.
The disgusting part is that even my bank's (NatWest) app, as well as LastPass, talk to irrelevant companies when I fire them up, with (my) most hated being Facebook (which is of course blacklisted and added on my hosts file).
For my Android devices I always run "NoRootFirewall" which is a pretty good firewall.
Edit: Both FirewallIP (iOS) and NoRootFirewall (Android) have logging mechanisms so you can track what goes in/out and what is rejected. I am really looking forward to a NoRootFirewall-app for iOS. Something that creates an internal VPN allowing you to manage it.
FirewallIP is what's kept me on jailbroken iOS since the 3GS, but the lack of updates (or responses from the developer) and annoyance of dealing with jailbreaking is pushing me towards Android where rooting is well supported and can be done while keeping the OS up to date.
The solution I've settled on has been AFWall+ to ensure that only a limited set of apps can talk at all, and Netguard to control where those apps can talk. The interface is not as elegant as FirewallIP, but it does allow an easier ability to interactively allow and block specific destinations without firing up a text editor.
Nothing nefarious about it except that simply requesting a favicon means you have made a request, so now that site knows where you are. There’s really no need to request the favicon unless there is an actual page requested from the site.
Favicons are used as status icons for a lot of things these days, and in a bunch of cases it makes sense to refresh it. GMail offers it with a counter of how many unread emails you have, and a lot of our internal tools offer it as a thumbnail view of the status of the most recent job run.
This, BTW, is IMHO why recent Android versions refuse to use self-installed certificates for all traffic: to prevent you from knowing what apps are sending back home. It's not in Google's interest for you to control your phone and know what it's doing.
Or it could be the reason they've said they did it - this was a primary vector for malware authors to compromise users' information and devices. Not everything is a conspiracy.
Nice project. I considered doing something similar but in Android at least some apps use certificate pinning and thus mitmproxy would break them. How does this work in iOS?
It doesn't display the content type enough, afaik
Would love if someone could enlighten me :)
https://blog.tendigi.com/starbucks-should-really-make-their-...
https://jeffhuang.com/extracting_my_data_from_the_hello_sens...
https://blog.dewhurstsecurity.com/2015/11/10/mobile-security...
I just had these bookmarked from when I was wondering the same thing
https://www.frida.re
https://blokada.org/
Use with care, as you may break things. I've been using it as-is with no disruptions/problems.
Native ad blocking only works when an app uses an obvious third party plugin for them. The native stuff all stays
RedHat, Canonical, and Microsoft are not "real" OS vendors?
Please, do tell us more. Or write a post about it!
It is an eye opener to see how most apps behave (including the system apps).