Some firewalled apps can still access internet sometimes?

[ignoramous]

A user says,

Hello there, some system apps can still access internet sometimes even I have never disconnected from Rethink dns firewall. Here is the image showing those apps' network usage

I have also noticed that apps that I've blocked have, according to Android, sent meager traffic (within 100 KBs). May be Always-on VPN is critical to prevent any such leaks? Or, may be Android's accounting for the app's DNS / ICMP traffic (RethinkDNS does not block ICMP celzero/firestack#3 and cannot know which app sent DNS request #270 though it can block them if it knew it was sent from a firewalled-app).

Interesting.

[ignoramous]

Unrelated, but also see: #364

screenshot

[pukkancsanyo]

Hi, I think I have the same issue. I keep getting new mails through Huawei’s default e-mail app, although it’s fully blocked. I cannot figure out why.

screenshots

[ignoramous]

The Huawei email app is a system app. If so, it can bypass the VPN Rethink sets up (and thus the firewall) See: #224

[pukkancsanyo]

Thanks for the reply. OK, so that's why it seems to be blocked in the logs (every connection by it listed in the log is red), while it keeps getting new messages. It can make some other connections which are not logged and not blocked either, which is pretty unfortunate in the case of spying system apps.
Thanks for all the info.

[ignoramous]

It can make some other connections which are not logged and not blocked either

Yes, but let me clarify: If the Huawei Email app wanted to bypass the VPN firewall, it could. But, does it? That's unclear.

OK, so that's why it seems to be blocked in the logs (every connection by it listed in the log is red), while it keeps getting new messages. It can make some other connections which are not logged and not blocked either, which is pretty unfortunate in the case of spying system apps.

So: The notifications are usually driven by some other System component (on Google-blessed devices, it is Firebase Messaging Service via the Google Framework Services app) and not the actual app (in this case, the Huawei Email app) itself.

[ignoramous]

Also see #544

[aykirito]

hi, i was about to report issue about firewall but i found this thread so i didn't. was wondering how firewall in rethinkdns actually work? i using firewall only mode and was doing some testing if internet connection actually blocked so i looked at dns logs (from nextdns that i set router level) it still sending request despite internet access
for those apps already been blocked by rethinks. i felt like this is causing by rethink stats log that look for ip countries, is there a way to disable this?

i already check the app it show no internet connection but somehow dns logs show different.

should i worried about this? it look like leak to me

[aykirito]

i did some more testing this time with netguard. it give similar behaviour like rethink. seems like it normal behaviour from read on-demand explained in README rethink#firewall i guess.

[hussainmohd-a]

Closing this issue as no changes are required.