The analysis of NetGuard v2.330 reveals that, despite providing effective no-root firewall functionality, the app collects and transmits sensitive device and network data to Google without explicit user consent.
NetGuard is a popular Android application that provides users with a no-root firewall solution for managing and controlling network access on their devices. The app allows users to block both Wi-Fi and mobile data access on a per-application basis, giving them greater control over which apps can access the internet.
This application requests the following permissions:
android.permission.READ_PHONE_STATE: Allows the application to access the phone features and state of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
android.permission.ACCESS_NETWORK_STATE: Allows an application to view the status of all networks.
android.permission.ACCESS_WIFI_STATE: Allows an application to view the information about the status of Wi-Fi.
android.permission.RECEIVE_BOOT_COMPLETED: Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
android.permission.WAKE_LOCK: Allows an application to prevent the phone from going to sleep.
android.permission.INTERNET: Allows an application to access Internet.
android.permission.VIBRATE: Allows the application to control the vibrator.
android.permission.FOREGROUND_SERVICE: Allows the application to create foreground services and keep running in the background.
android.permission.QUERY_ALL_PACKAGES: Allows the application to query any package currently installed on the phone.
android.permission.POST_NOTIFICATIONS: Allows the application to post notifications.
android.permission.FOREGROUND_SERVICE_DATA_SYNC: Allows the application to create foreground services and keep synchronizing data in the background.
com.android.vending.BILLING: Allows the application to support in-app purchase.
In the course of analyzing the Android application, it was observed that the app transmits a variety of device-specific and network-related data to Google. As the application supports in-app purchase with Android Billing (e.g. to purchase the PRO version), the application collects, without user’s consent, the following information and transmits the information to https://firebaselogging.googleapis.com/v0cc/log/batch. The analysis of the MANIFEST confirms the integration of Android Billing since an activity com.android.billingclient.api.ProxyBillingActivity is declared.
The transmitted data includes:
Device Information: This category encompasses details about the user’s device, such as the model, manufacturer, and fingerprint. This information can be used to identify individual devices and track user behavior across different applications.
Country Level Location Data: The application collects both the user’s locale and country information. This data can be used to target advertisements and personalize content based on the user’s geographic location.
Carrier Information: The MCC and MNC codes (read from the SIM card) provide a unique identifier for the user’s mobile carrier. This information can be used to track the user’s network usage and potentially identify their location.
Network Metrics and Connection Type: The application collects various metrics related to the user’s network connection, including the type of connection (e.g., Wi-Fi). This data can be used to analyze network performance and identify potential issues.
It’s important to note that the collection and transmission of this data may raise privacy concerns depending on the user’s threat model, as it can be used to track and potentially identify individual users. Users may be unaware of the extent of data collection and transmission, and they may not have given explicit consent for their data to be used in this manner.
The analysis of NetGuard v2.330 confirms that the application provides users with an effective no-root firewall solution, enabling them to control which apps can access the internet via both Wi-Fi and mobile data. However, this functionality comes with privacy concerns. Despite the application’s intent to protect users from unwanted network access by apps, our investigation reveals that NetGuard itself collects and transmits device-specific data to Google, including information such as device model, manufacturer, network details, mobile carrier information, and country-level location data. This data collection occurs without explicit user consent and is sent to Google’s Firebase logging service, which is integrated into the app’s billing mechanisms.
Furthermore, the application requests a range of permissions that allow it to access sensitive device information, including READ_PHONE_STATE and ACCESS_NETWORK_STATE, among others. While some of these permissions are justified for the firewall’s functionality, others—such as the ability to collect information from the SIM card—raise questions about potential overreach in terms of data access.
In light of these findings, while NetGuard remains a powerful tool for managing app network access without root privileges, users should be made aware of the data collection practices embedded within the application. Those with heightened privacy concerns, particularly around device tracking and personal data sharing with third parties like Google, may want to exercise caution. To maintain transparency and user trust, it would be advisable for future versions of NetGuard to provide clearer consent mechanisms and greater control over the data shared with third-party services.