[tor-talk] Android app: Torrific

Mike Perry mikeperry at torproject.org
Sat Jul 26 01:36:01 UTC 2014

> On 07/25/2014 09:24 AM, isis wrote:
> > CJ transcribed 2.5K bytes:
> >>
> >> On 07/24/2014 03:54 PM, u wrote:
> >>> CJ:
> >>>> On 07/24/2014 01:23 PM, u wrote:
> >>>>> Lunar:
> >>>>>> CJ:
> >>>>>>> Just a small announce (not sure if this is the right ML, sorry).
> >>>>>>> I'm developing an Android app allowing to block all IP traffic, and
> >>>>>>> force only selected app through Orbot.
> >>>>>>> This is done because neither Orbot nor AFWall (or other free, opensource
> >>>>>>> Android iptables managment interface) seem to be able to do that…
> >>>>>> Orbot is free software. Isn't there a way to add the needed features
> >>>>>> directly to it?
> >>>>>>
> >>>>>> Sorry if it's a naive question, I'm not very knowledgable regarding
> >>>>>> Android. But I know that asking our users to install 3 different apps or
> >>>>>> even more is not friendly.
> >>>>> AFAIK this works in Orbot if you have a rooted Android device.
> >>>> Not the "block all other output" part in fact :)
> >>> That said, I am also interested in your answer to Lunar's question :)
> >>> Why not contribute to Orbot instead?
> >>>
> >>> Cheers!
> >> It's possible I push some pull-request later, yes.
> >> But, as said in some previous email, I'm not really sure it's Orbot job
> >> to set up firewall… I rather prefer dedicated app for dedicated task —
> >> Orbot main task is, for me, connecting to Tor network… Basically, this
> >> just doesn't involve the firewall at all.
> >>
> >> But yeah, I know, users like "all-in-one apps" — who knows, once
> >> torrific is ready (i.e. no more broken rules, no more bugs like "craps,
> >> network's broken")… the devs may get some PR ;).
> >> Torrific is also, for me, a way to play with android without annoying
> >> other applications.
> >>
> >> To be honest, I'd rather contribute this function in AFWall than Orbot,
> >> as it already is a firewall manager (and not a bad one).
> >>
> >> Cheers,
> >>
> >> C.
> > 
> > I agree that this should be done outside Orbot, for several reasons that I'm
> > not going to get dragged into again. And FWIW, Mike's blog post on Android
> > security specifically recommends setting up DroidWall (a similar AOS
> > iptables-based firewall app) with some bash scripts to log and deny all leaky
> > traffic from Orbot.
> > 
> > My primary concern would be regarding whether Torrific's iptables rules are
> > applied ASAP after Orbot starts Tor, and I actually can't recommend anything
> > there (short of building a new initramfs which enforces starting the firewall
> > from there, early during the boot process).
> torrific works with an init-script blocking all the traffic — same way
> droidwall or afwall are working, same problem with older android versions.
> torrific starts on boot, maybe earlier than orbot, which is a good
> thing. it also uses orbot uid (as well as app uid) in order to set the
> redirects and allow orbot to go out.
> > 
> > DroidWall already has a mechanism for running user-specified scripts at
> > startup... Perhaps the most portable way to do what you're trying to do would
> > be to add a similar script-sourcing mechanism to AFWall? Then you could simply
> > maintain a repo of startup scripts which (hopefully) work for any Android
> > firewall app which supports this mechanism.
> problems with handmade scripts: how to catch app uid automatically?
> that's not userfriendly. Not at all…
> That was the first version of this app: an init-script, a "lib" written
> in shell, and a script applying the rules, using a shell array as source
> for application information.

FWIW, in the shell scripts in my howto[1], I do this UID detection in
shell with dumpsys. Here's an example script:

The userinit problem I solved in a Cyanogenmod-specific way (I think).
Cyanogenmod has a special init script location in
/data/local/userinit.sh. For extra fun, I think it supports that instead
of more standard Android init-scripts, because the AFWall+ startup
script hack does not work on my devices. That's the main reason I
created this userinit hack:

> the app I've done lists the installed application requesting network
> access, you just have to check those you're wanting to allow network
> access and they are forced through orbot :).

That LinPhone example script above also has another neat feature that I
wish were available by default in a firewall app such as this. It allows
only the UDP activity of LinPhone to bypass the Tor proxy. This means I
can make TLS+SIP+ZRTP calls where the call setup and signaling goes over
Tor, but encrypted voice and video data goes directly peer-to-peer over

I recognize the UI for supporting this in the general case is a bit
tricky to create without a lot of clutter, and it's questionable if you
want to expose this ability for all apps (because for non peer-to-peer
apps it can mean deanonymization to a central server). However, for this
specific case it is very handy, at least until Tor is performant enough
to support live, unbuffered voice+video data.

1. https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140725/890299db/attachment.sig>

More information about the tor-talk mailing list