I did a pcap (network capture) of my Android when the device boots up and it's been shocking to see how many apps phone home when I boot my device.
Dozens of apps. It's bad. Very bad.
How do you do that?
PCAPdroid
If using WiFi, running a SPAN port off your network on the same VLAN is ideal, rather than trying to capture all from the endpoint.
You may be using cellular though.
Graphene has the same issue and these VPN-based firewalls all suck :(
Have you ever tried routing your entire traffic through an L2TP/IPsec VPN connection? If you think macOS would make it easy, you're wrong. If you think this option below is sufficient to do so, you are wrong again. Try it yourself: if this command times out, you are good; if not, you are leaking traffic, my friend.
curl --interface eth0 https://yahoo.com
This is not enough.

I'd like to see a comparison with an iOS device that has a bunch of apps installed.
Easy hack I use, and while not a boot-time pcap, it is basically script-kiddie tech to see the runtime connections a single app makes:
- install iOS app on macOS
- install Little Snitch
- boot iOS app
Install Shelter and freeze the bad apps in work profile.
Just tried and I didn't have many, just two.
Anyone know if there’s a Little Snitch/LuLu app for iOS or Android?
Ugh. I just assumed that apps wouldn’t be able to take any actions unless I launched them. Guess that assumption was wrong.