• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Blockort 80, http, unencrypted traffic

M

Michael Ross 69

Lurker
I have searched the web, google play store with no luck.
I am looking for a way to bar all port 80 traffic, http an any other unencrypted traffic on my Android 9 mobile phone all apps that doesn't require rooting the phone.
 
The main point being, port 80 is a system reserved port (any port <=1023). So it is either your Android ROM that has the port open (Stock Android does not come this way, but maybe samsung or another vendors ROM does), or you have a rooted device and have allowed an application to open the port. It is not possible for a regular app from the store to listen on port 80.

Have you tried connecting to the socket? Use telnet on another device to try to connect.

Have you tried a scan from the device? Install a port scanner and run it on localhost/127.0.0.1. It should return no open ports <=1023.

If it returns open for 80, then it might be your ROM.
 
Michael Ross 69 said:
.....that doesn't require rooting the phone.
Click to expand...

Blocking specific ports will be something that requires system-level permissions so what you're asking isn't practical.
You can use a non-root firewall app, like NetGuard or Mobiwol, to selectively block apps from any WiFi or mobile data connectivity but those types of firewall apps work on apps and their relative processes, not ports so this probably isn't what you're seeking.
 
Dannydet said:
The main point being, port 80 is a system reserved port (any port <=1023). So it is either your Android ROM that has the port open (Stock Android does not come this way, but maybe samsung or another vendors ROM does), or you have a rooted device and have allowed an application to open the port. It is not possible for a regular app from the store to listen on port 80.

Have you tried connecting to the socket? Use telnet on another device to try to connect.

Have you tried a scan from the device? Install a port scanner and run it on localhost/127.0.0.1. It should return no open ports <=1023.

If it returns open for 80, then it might be your ROM.
Click to expand...

Thanks Dannydet,

It is a Samsung Galaxy A20 not rooted, I installed All connections app from the google store, it shows apps connected, their IP addresses and Ports. A few apps are using Port 80, probably just sync requests, don't want to go down the sniffer track, too much to monitor, just want to block apps using insecure connections. Don't want to root, scared of bricking a 3 month old phone under warranty.
 
svim said:
Blocking specific ports will be something that requires system-level permissions so what you're asking isn't practical.
You can use a non-root firewall app, like NetGuard or Mobiwol, to selectively block apps from any WiFi or mobile data connectivity but those types of firewall apps work on apps and their relative processes, not ports so this probably isn't what you're seeking.
Click to expand...

Thanks Svim

Tried NetGuard, cannot global block ports.

It is a Samsung Galaxy A20 not rooted, I installed All connections app from the google store, it shows apps connected, their IP addresses and Ports. A few apps are using Port 80, probably just sync requests, don't want to go down the sniffer track, too much to monitor, just want to block apps using insecure connections. Don't want to root, scared of bricking a 3 month old phone under warranty.
 
Michael Ross 69 said:
Thanks Svim

Tried NetGuard, cannot global block ports.

It is a Samsung Galaxy A20 not rooted, I installed All connections app from the google store, it shows apps connected, their IP addresses and Ports. A few apps are using Port 80, probably just sync requests, don't want to go down the sniffer track, too much to monitor, just want to block apps using insecure connections. Don't want to root, scared of bricking a 3 month old phone under warranty.
Click to expand...

Also Netgaurd interferes with VPN, I think VPN is blocking incoming connections, I am worried about what apps are sending info out unencrypted.
 
Non-root firewall apps rely upon a local-only VPN process where online packets get funneled through it. This local VPN is where the filtering is applied. Root-required firewall apps, like AFWall+, don't need any VPN as they have system-level access and can tie directly to iptables, the firewall service that's already integral to the Linux kernel. (non-root apps only have user-level permissions so no access to iptables.)
The issue then is you can only have one VPN service running on your device so you need to pick which suits your needs the best.
Best practice is apps 'should' rely upon https to communicate with their home services online but of course that's not an absolute. Things like user I.D. and password data should be using a secure connection but a lot of traffic (i.e. Google News updating itself on the latest articles to display or whatever) doesn't need to go through https. Even if you were to readily be able to block port 80, it's not like you can then just set each app that does use http to exchange data to not use port 80, that's something that gets set up by the developer of the app itself. All you would do is break the functionality of a lot of apps.
 
svim said:
Non-root firewall apps rely upon a local-only VPN process where online packets get funneled through it. This local VPN is where the filtering is applied. Root-required firewall apps, like AFWall+, don't need any VPN as they have system-level access and can tie directly to iptables, the firewall service that's already integral to the Linux kernel. (non-root apps only have user-level permissions so no access to iptables.)
The issue then is you can only have one VPN service running on your device so you need to pick which suits your needs the best.
Best practice is apps 'should' rely upon https to communicate with their home services online but of course that's not an absolute. Things like user I.D. and password data should be using a secure connection but a lot of traffic (i.e. Google News updating itself on the latest articles to display or whatever) doesn't need to go through https. Even if you were to readily be able to block port 80, it's not like you can then just set each app that does use http to exchange data to not use port 80, that's something that gets set up by the developer of the app itself. All you would do is break the functionality of a lot of apps.
Click to expand...

Thanks Svim
Have installed a sniffer, shall remove apps that I don't trust. Its a shame they don't automatically sell phones rooted with appropriate security installed. If I could block port 80 or anything else unencrypted, I would just remove the apps that break.
 
You must log in or register to reply here.
Back
Top Bottom