How to face security Issues on Android 4.2

After installing AFWall+ I can only confirm that it works perfectly. The log shows that it blocks traffic stemming from my Solitaire app which now, since it’s blocked, is ad-free as well :slight_smile:
Fairly intuitive UI as well (although it took me some time to understand that AFWall needs permanent SU access :stuck_out_tongue: )

1 Like

Nice! This is very interesting, although I thought XPrivacy could do the job.
Some days ago I was impressed about the “brute force” of XPrivacy on Skype which was able to connect to the Internet and send/receive instant messages, but not able to talk, with or without video; I had to uncheck several options before being able to talk with Skype, so I think XPrivacy is stronger than your experiment seems to prove.
I’ll wait for your informations because your experiment is very interesting, thank you very much! :smile:

I suggest you even AdAway if you want to block ads while browsing, because a firewall can block all the Internet access, not simple URLs pointing to ads (something is possible with a deeper configuration of course…and however not every possible problem is solvable with simply a firewall)

Hello again,

I investigated the XPrivacy rule for the solitaire game and found that not all routines which are guoped under the right “Internet Access” where blocked. By blocking all functions manualy XPrivacy also blocked the Ads as save as AFWall+ does.

So how could it happen, that just some of the internet functions where blocked?
By digging a little at the different options of the program I found a Template section. It seems that If you deny an App to access a right the configured template will be used and at the template for internet access not all rights become blocked.

I can’t remember that I have modified this options so I don’t know if it is the standard to don’t deny the access to every internet option. But the riddle is solved and I have something to do in the near future - checking all templates ;).

regards,
Shiny

3 Likes

Very good catch! :smile:
Thank you!

21 posts were moved here from our wiki post Constructive tips to improve security.

You can discuss here and contribute to the wiki post with your solutions.

1 Like

There are different ways to connect to internet. Some do not involve connecting the app itself to the internet, so more restrictions might be needed.
BTW, I’m using both, AFWall+ and Xprivacy simultaneously without any issues. AFWall+ has a quite useful feature to allow connection on Wifi only. As far I know, you cant do that with XPrivacy.

Hi can you please help finding a working demo/apk for the CVE-2014-7911? An apk causing system server crash would be enough.

2 Likes

There doesn’t seem to be any for Android 4.2, unfortunately. I tried GitHub - retme7/CVE-2014-7911_poc: Local root exploit for Nexus5 Android 4.4.4(KTU84P) together with GitHub - retme7/CVE-2014-4322_poc: Gain privileges:system -> root,as a part of https://github.com/retme7/CVE-2014-7911_poc, but that specific demo seems to rely on Android 4.4 features and fails under 4.2.

1 Like