Hi, from your experience which apps i should allow connection to wifi and mobile so android system works well but also which apps should i definitevly block to still have most from anonimity/privacy? Using Invisible so firewall is based on Netguard.
First, what are you trying to accomplish here?
Mosttly stop any background tracking, sending info to google or other parties, just best setup for privacy on android (Cant use custom rom)
NextDNS can help a lot here. It’s hard to say which domain from which app will still work if you block them because many apps and services do rely on Google and Google provided tools and services for them to work on Android.
Perhaps someone else has a better answer. I don’t use stock Android so not sure of all the features and functionality within to limit what you want.
2 Likes
there is so many these com.android ones haha using xiaomi btw
Yeah, with that Chinese crap (sorry, but it is from a privacy and security POV), it’s very difficult.
I recommend NextDNS with Hagezi’s Multi PRO blocklist.
Add update.intl.miui.com & srv.sec.intl.miui.com to the allowlist.
1 Like
But why you guys recommend me nextdns?? i was asking which apps should i block (specially system apps in already existing firewall) + we had just had fresh topics in forum to not use dns services with tor
I mean i know i need to block app like Analytics or MSA, and probably allow some connectevity ones like com.android.providers etc. but llooking for some tips which more are needed or not
I’ve used both of these successfully. But I’m not giving any advice on how to use them.
You can block the network access of system apps of which you don’t understand the functionality and then allow them or whitelist domains in case of an issue or lost functionality that you might want.
You can safely delete everything with that fl0w, and the other one has a recommend option.
And after that, turn on Android Private DNS and set it to NextDNS. Do everything according to the guide below. For the list, just use HaGeZi Multi Pro++.
Remember to whitelist the following
Configurable DNS:
- NextDNS
- RethinkDNS
Thanks that might be useful, wont use nextdns tho, bcs it would decrease my anonimity on tor
I’d get the device’s security sorted out first before worrying about Tor, but you do you.
2 Likes
Rethink app user here. Similar setup can be done with Netguard + private DNS with only downside being lockdown down mode not possible with netguard.
This is what I did and tested with some non custom ROM phones
-
Disable background internet access and battery usage for all apps except very few which are regularly used. Some system components like Google play services have these options grayed out so ignore it.
-
Allow internet access only for most regular apps, browser, android download manager, instant messengers, play store and play services.
-
Whitelist an app in rethink when needed and block again it after use.
Is Rethink still working good for you, for me since last actualizations it stopped working well, either no connection or its leaking my isp, thats why i came back to netguard until they fix that
And please somebody tell me when to use private dns with tor and when not, i seen so many posts with people telling not to use, now everybody is telling to use, so undecided and now im undecided too 
Tor should bypass your DNS settings, the exit relay resolves domains using their own DNS.
You can check that with a dns leak test.
2 Likes