NetGuard provides simple and advanced ways to block access to the internet - no root required. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.
WARNING: there is an app in the Samsung Galaxy app store "Play Music - MP3 Music player" with the same package name as NetGuard, which will be installed as update without your confirmation. This app is probably malicious and was reported to Samsung on December 8, 2021.
Blocking access to the internet can help:
- reduce your data usage
- save your battery
- increase your privacy
NetGuard is the first free and open source no-root firewall for Android.
Features:
- Simple to use
- No root required
- 100% open source
- No calling home
- No tracking or analytics
- Actively developed and supported
- Android 5.1 and later supported
- IPv4/IPv6 TCP/UDP supported
- Tethering supported
- Optionally allow when screen on
- Optionally block when roaming
- Optionally block system applications
- Optionally forward ports, also to external addresses (not available if installed from the Play store)
- Optionally notify when an application accesses the internet
- Optionally record network usage per application per address
- Optionally block ads using a hosts file (not available if installed from the Play store)
- Material design theme with light and dark theme
PRO features:
- Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
- Allow/block individual addresses per application
- New application notifications; configure NetGuard directly from the notification
- Display network speed graph in a status bar notification
- Select from five additional themes in both light and dark version
There is no other no-root firewall offering all these features.
Requirements:
- Android 5.1 or later
- A compatible device
Downloads:
Certificate fingerprints:
- MD5: B6:4A:E8:08:1C:3C:9C:19:D6:9E:29:00:46:89:DA:73
- SHA1: EF:46:F8:13:D2:C8:A0:64:D7:2C:93:6B:9B:96:D1:CC:CC:98:93:78
- SHA256: E4:A2:60:A2:DC:E7:B7:AF:23:EE:91:9C:48:9E:15:FD:01:02:B9:3F:9E:7C:9D:82:B0:9C:0B:39:50:00:E4:D4
Usage:
- Enable the firewall using the switch in the action bar
- Allow/deny Wi-Fi/mobile internet access using the icons along the right side of the application list
You can use the settings menu to change from blacklist mode (allow all in Settings but block unwanted applications in list) to whitelist mode (block all in Settings but allow favorite applications in list).
- Red/orange/yellow/amber = internet access denied
- Teal/blue/purple/grey = internet access allowed
For more screenshots, see here.
The only way to build a no-root firewall on Android is to use the Android VPN service. Android doesn't allow chaining of VPN services, so you cannot use NetGuard together with other VPN based applications. See also this FAQ.
NetGuard can be used on rooted devices too and even offers more features than most root firewalls.
Some older Android versions, especially Samsung's Android versions, have a buggy VPN implementation, which results in Android refusing to start the VPN service in certain circumstances, like when there is no internet connectivity yet (when starting up your device) or when incorrectly requiring manual approval of the VPN service again (when starting up your device). NetGuard will try to workaround this and remove the error message when it succeeds, else you are out of luck.
Some LineageOS versions have a broken Android VPN implementation, causing all traffic to be blocked, please see this FAQ for more information.
On GrapheneOS, the Android Always-On VPN function and the sub option 'Block connections without VPN' are enabled by default. However, this sub option will result in blocking all traffic, please see this FAQ.
NetGuard is not supported for apps installed in a work profile, or in a Secure Folder (Samsung), or as second instance (MIUI), or as Parallel app (OnePlus), or as Xiaomi dual app because the Android VPN service too often does not work correctly in this situation, which can't be fixed by NetGuard.
NetGuard is not supported for internet connections via a wire, like ethernet or USB, because the Android VPN service often doesn't work properly in this situation.
Filtering mode cannot be used on CopperheadOS.
NetGuard will not work or crash when the package com.android.vpndialogs has been removed or otherwise is unavailable. Removing this package is possible with root permissions only. If you disable this package, you can enable it with this command again:
adb shell pm enable --user 0 com.android.vpndialogs
NetGuard is supported on phones and tablets with a true-color screen only, so not for other device types like on a television or in a car.
Android does not allow incoming connections (not the same as incoming traffic) and the Android VPN service has no support for this either. Therefore managing incoming connections for servers running on your device is not supported.
Wi-Fi or IP calling will not work if your provider uses IPsec to encrypt your phone calls, SMS messages and/or MMS messages, unless there was made an exception in NetGuard for your provider (currently for T-Mobile and Verizon). I am happy to add exceptions for other providers, but I need the MCC codes, MNC codes and IP address ranges your provider is using. As an alternative you can enable the option 'Disable on call', which is available since version 2.113.
(1) Can NetGuard completely protect my privacy?
(2) Can I use another VPN application while using NetGuard?
(3) Can I use NetGuard on any Android version?
(4) Will NetGuard use extra battery power?
(6) Will NetGuard send my internet traffic to an external (VPN) server?
(7) Why are applications without internet permission shown?
(8) What do I need to enable for the Google Play™ store app to work?
(9) Why is the VPN service being restarted?
(10) Will you provide a Tasker plug-in?
(13) How can I remove the ongoing NetGuard entry in the notification screen?
(14) Why can't I select OK to approve the VPN connection request?
(15) Are F-Droid builds supported?
(16) Why are some applications shown dimmed?
(17) Why is NetGuard using so much memory?
(18) Why can't I find NetGuard in the Google Play™ store app?
(19) Why does application XYZ still have internet access?
(20) Can I Greenify/hibernate NetGuard?
(21) Does doze mode affect NetGuard?
(22) Can I tether (use the Android hotspot) / use Wi-Fi calling while using NetGuard?