No - nothing can completely protect your privacy. InternetGuard will do its best, but it is limited by the fact it must use the Android VPN service. This is the trade-off required to make a firewall which does not require root access. The firewall can only start when Android "allows" it to start, so it will not offer protection during early boot-up (although you can disable your network before rebooting). Also, the Android VPN service needs to be restarted to apply new rules when connectivity has changed or when the screen is being turned on or off. It will, however, be much better than nothing.
In the advanced options you can enable Seamless VPN handover on reload to prevent traffic from leaking when the Android VPN service is being restarted. However, this does not work properly on all Android versions/variants causing InternetGuard to hang and block all connections.
On Android N and later InternetGuard can be configured as Always-On VPN. On Android O do not enable the sub option 'Block connections without VPN', see question 51) for more information on this.
To protect yourself more, remember to disable Wi-Fi and mobile data before rebooting, and only enable them on reboot, after the firewall service has started (and the key icon is visible in the status bar).
If the VPN application is using the VPN service, then no, because InternetGuard needs to use this service. Android allows only one application at a time to use this service.
InternetGuard is a firewall application, so there is no intention to add VPN support. However, InternetGuard supports a SOCKS5 proxy to chain VPN applications.
No, the minimum required Android version is 5.1 (Lollipop)
By default InternetGuard will hardly use any battery power. All settings resulting in extra battery usage, like IP filtering and logging, have a warning. If InternetGuard uses a lot of battery power, please double check your settings.
No, depending on the mode of operation basically one of two things will happen with your internet traffic:
The Android VPN service is being used to locally route all internet traffic to InternetGuard so no root is required to build this firewall application. InternetGuard, unlike all other no-root firewalls applications, is 100% open source, so when you are in doubt you can check the source code yourself.
Internet permission can be granted with each application update without user consent. By showing all applications, InternetGuard allows you to control internet access even before such an update occurs.
You need 3 packages (applications) enabled (use search in InternetGuard to find them quickly):
Since the Google Play™ store app has a tendency to check for updates or even download them all by itself (even if no account is associated), one can keep it in check by enabling "Allow when screen is on" for all 3 of these packages. Click on the down arrow on the left side of an application name and check that option, but leave the network icons set to red (hence blocked). The little human icon will appear for those packages.
Note that InternetGuard does not require any Google service to be installed.
The VPN service will be restarted when you turn the screen on or off and when connectivity changes (Wi-Fi, mobile) to apply the rules with the conditions 'Allow when screen is on' and 'Block when roaming'.
No, because if Tasker is allowed to disable InternetGuard, any application can disable InternetGuard. Allowing a security application to be disabled by other applications is not a good idea.
Note that, whether or not you get a dialog warning to agree upon, this operation will also disable any information or warning notifications from InternetGuard, such as the new application installed notification.
Some Android versions display an additional notification, which might include a key icon. This notification, unfortunately, cannot be removed.
There might be another (invisible) application on top of the VPN connection request dialog. Some known (screen dimming) applications which can cause this are Lux Brightness, Night Mode, and Twilight. To avoid this problem, at least temporarily, close all applications and/or services which may be running in the background.
Disabled applications and applications without internet permission are shown dimmed.
It isn't. InternetGuard doesn't allocate any memory, except a little for displaying the user interface elements and for buffering traffic. It appears, on some Android variants, that the Google Play™ store app connection uses almost 150 MB. It is needed for in-app donations, and is incorrectly attributed to InternetGuard instead to the Google Play™ store app.
InternetGuard requires at least Android 5.1, so it is not available in the Google Play™ store app on devices running prior Android versions.
If you block internet access for an application, there is no way around it. However, applications could access the internet through other (system) applications/components. For example, Google Play services receives incoming push messages and ads for most applications, including WhatsApp and Facebook messenger. You can prevent this by blocking internet access for the other application/component as well. You can block system applications and components, like Google Play services, by enabling the advanced NetGuard option Manage system apps. This can best be diagnosed by checking the global access log (three dot menu, Show log).
Note that some applications keep trying to access the internet, which is done by sending a connection request packet. This packet goes into the VPN sinkhole when internet access for the application is blocked. This packet consists of less than 100 bytes and is counted by Android as outgoing traffic and will be visible in the speed graph notification as well.
No. Greenifying or otherwise hibernating NetGuard will result in rules not being applied when connectivity changes from Wi-Fi/mobile, screen on/off, and roaming/not roaming.
I am not sure, because the doze mode documentation is not clear if the Android VPN service will be affected. To be sure, you can disable battery optimizations for NetGuard manually like this:
Android settings > Battery > three dot menu > Battery optimizations > Dropdown > All apps > NetGuard > Don't optimize > Done
The procedure to accomplish this can vary between devices.
Disabling doze mode for NetGuard cannot be done from within NetGuard because, according to Google, NetGuard is not an application type allowed to do this.
Yes, but you'll need to enable subnet routing and tethering in the NetGuard network settings. Whether or not it works depends on your Android version because some Android versions have a bug preventing tethering and the VPN service working together.
Some devices hibernate Wi-Fi, preventing tethering from working when the screen is off. This behavior can be disabled in the Android enhanced/advanced Wi-Fi settings.
Android can kill background services at any time. This can only be prevented by turning a background service into a foreground service. Android requires an ongoing notification for all foreground services to make you aware of potential battery usage (see question 4). So, the notification cannot be removed without causing instability. However, the notification is being marked as low priority, which should result in moving it to the bottom of the list.
The key icon and/or the VPN running notification, which is shown by Android and not by InternetGuard, unfortunately, cannot be removed. The Google documentation states: "A system-managed notification is shown during the lifetime of a VPN connection".
Android 8 Oreo and later display a notification "... running in the background" listing all apps running in the background. You can't disable this notification, but you can remove the icon from the status bar like this:
There is no need for a 'Select All' function because you can switch from block (blacklist) to allow (whitelist) mode using Internetguard's settings. See also question 0.
The columns have the following meanings:
Protocols:
Packet flags:
Only TCP, UDP, and ICMP ping traffic can be routed through the Android VPN service. All other traffic will be dropped and will be shown as blocked in the global traffic log. This is almost never a problem on an Android device.
The Google connectivity services system application checks if the current network is really connected to the internet. This is probably accomplished by briefly connecting to some Google server.
If this is not the case, there will be an '!' in the Wi-Fi or mobile icon in the system status bar.
Recent Android versions seem not to switch connectivity from mobile to Wi-Fi when the Wi-Fi network is not really connected, even though there is a connection to the Wi-Fi network (or the other way around). On Android 6.0 and later you might get a notification asking you if you want to keep this connection on or not. To prevent a bad user experience, InternetGuard includes a predefined rule to default allow the Google connectivity services.
You can find all predefined rules here.
You can override predefined rules.
You can only purchase pro features when you have installed InternetGuard from the Google Play store.
For many purposes, including network access, Android groups applications on UID and not on package/application name. Especially system applications often have the same UID, despite having a different package and application name; these are set up like this by the ROM manufacturer at build time. These applications can only be allowed/blocked access to the internet as a group.
This is because Android counts battery and network usage which is normally counted for other applications against InternetGuard in IP filtering mode. The total battery usage is slightly higher when IP filtering mode is enabled. IP filtering mode is always enabled on Android versions prior to 5.0, and optionally enabled on later Android versions.
InternetGuard "asks" Android to start the local VPN service, but some Android versions contain a bug which prevents the VPN from starting (automatically). Sometimes this is caused by updating InternetGuard. Unfortunately this cannot be fixed by InternetGuard. You can try to restart your device and/or revoke the VPN permissions from InternetGuard using the Android settings. Sometimes it helps to uninstall and install InternetGuard again (be sure to export your settings first!).
On most devices, InternetGuard will keep running in the background with its foreground service. On some devices (in particular some Samsung models), where there are lots of applications competing for memory, Android may still stop InternetGuard as a last resort. Unfortunately this cannot be fixed by InternetGuard, and can be considered a shortcoming of the device and/or as a bug in Android. You can workaround this problem by enabling the watchdog in the InternetGuard advanced options to check every 10-15 minutes.
The Android VPN service handles outgoing connections only (from applications to the internet), so incoming connections are normally left alone.
If you want to run a server application on Android, then be aware that using port numbers below 1024 require root permissions and that some Android versions contain routing bugs, causing inbound traffic incorrectly being routed into the VPN.
If a purchased pro feature doesn't work as described and this isn't caused by a problem in the free features and I cannot fix the problem in a timely manner, you can get a refund. In all other cases there is no refund possible. In no circumstances there is a refund possible for any problem related to the free features, since there wasn't paid anything for them and because they can be evaluated without any limitation. I take my responsibility as seller to deliver what has been promised and I expect that you take responsibility for informing yourself of what you are buying.
Developing InternetGuard was quite a challenge and really a lot of work, but fun to do. A good product deserves good support, which means, in practice, that I am spending 30-60 minutes each and every day answering questions and solving problems. Just about 1 in 1000 downloaders purchase any of the pro features, so support is basically one way. This is not maintainable in the long run and this is why advertisements were added. Purchasing any of the pro features will completely disable advertisements and help keep the project going.
InternetGuard is a firewall application that filters internet traffic on your device (see also this question), so it is not meant to - and does not - encrypt your internet traffic or hide your IP address.
Yes, InternetGuard will automatically be started on boot if you powered off your device with InternetGuard enabled and InternetGuard is not installed on external storage.
Some devices, for example OnePlus and Mi devices, can prevent certain apps from auto-starting after reboot. This can be disabled in the Android settings.
Make sure you have put InternetGuard on the doze exception list (Android 6 Marshmallow or later) and that Android allows InternetGuard to use the internet in the background (see also this question).
Make sure you are not running InternetGuard in allow (whitelist) mode (check the InternetGuard default settings).
Make sure you didn't enable the Always-On VPN setting 'Block connections without VPN' (Android 8 Oreo or later). This will block resolving domain names too (is it a bug or feature?).
Some Android versions contain a bug resulting in all internet traffic being blocked. Mostly, you can workaround this bug by enabling filtering in InternetGuard's Advanced options.
Basically, InternetGuard doesn't use data itself. However, many Android versions incorrectly account data of other applications flowing through InternetGuard to InternetGuard instead of to the applications. The data usage of other applications will be zero with InternetGuard enabled in this case.
The total data usage of your device will be the same with and without InternetGuard.