Firewall Profiles to Block Apps From Using 3G/Wifi and Save Battery

Toggle sidebar Toggle sidebar
M

mmarz

Well-known member
Mar 9, 2011
1,130
447
0
Visit site
Some of you might have already read my threads on testing the Optimus V:
http://forum.androidcentral.com/optimus-v/71693-optimizing-battery-drain-optimus-v.html
http://forum.androidcentral.com/opt...attery-drain-optimization-tests-part-2-a.html

To sum up the conclusions:
1. The CM7 roms have a Wifi bug that drains the battery rapidly
2. Wifi consumes less power than 3G when downloading, but more power when idle.
3. 3G consumes the same power as airplane mode when idle.

Yet most of you don't believe conclusion number 3. You've set Tasker to turn off your 3G when the screen is off and have seen great battery savings. I know why...

Your installed programs are using your 3G even when the screen is off. It makes sense that you want to turn off your 3G to stop them and get better battery life, but you are punishing the wrong culprit. You may want some of your apps to occasionally update when the screen is off. You may want to use Sipdroid and get incoming calls. You may want your emails to be occasionally updated, but you don't want Google maps to constantly update the CIA to your precise location every minute. If you want to control exactly which programs have access to 3G/Wifi...

...here is what you should do:

You will need root access to do this. This will setup two script files, one to run when the screen turns off and one to run when the screen turns on. These will "enable" and "disable" the firewall. The firewall is never actually disabled. You are merely changing the rules that apply, either to give access to a limited number of apps or to allow all apps through. Because of the requirement that the scripts be executed with root access, there are actually five script files required. Two are created using Droidwall and are unique to your phone. Three scripts are attached in the zip below and are universal.
  1. Install Root Explorer or a similar app. You can also use adb.exe, but it is up to you to figure out the correct commands.
  2. Install Droidwall .
  3. Figure out which apps you want to grant internet access to when your screen is off. If none, then select none.
  4. Set the rules in Droidwall and enable the firewall.
  5. Using Root Explorer to navigate to this folder: /data/data/com.googlecode.droidwall/app_bin/
  6. Copy the file droidwall.sh and place it on your microSD card.
  7. Rename it to droidwall-on.sh
  8. Open Droidwall again, uncheck all the apps you had selected, and instead check the boxes for "(any application)". This will be the profile that is applied when you actually want to use your phone and the screen is on.

    You can choose to limit access here as well, but it is safer to choose "(any application)" to for now. You can come back later and recreate a more restrictive profile once you have everything working.
  9. Apply the rules and then turn the firewall off and then back on again.
  10. It is important that the firewall is still enabled.
  11. Navigate back to the folder: /data/data/com.googlecode.droidwall/app_bin/
  12. Copy the new droidwall.sh and place it on your microSD card.
  13. Rename it to droidwall-off.sh
  14. These two script files will "enable" and "disable" the firewall.
  15. Use Gscript to test the scripts to make sure they work. Run droidwall-on.sh, and test an app you didn't give 3G or Wifi access to. It should be blocked from accessing the internet. Now run droidwall-off.sh. That same app should now have internet access. If this test does not work, go back and repeat the steps above. This is also the point where you check that all your critical apps function correctly with either script activated. You must make sure the scripts work as intended before proceeding. If you don't know how to add/run scripts using Gscript, learn.

    While you can run these scripts as root in Gscript, running them as root when the screen turns off/on is a bit harder. The following steps have to all be done in order for the scripts to be executed correctly.
  16. Install Tasker
  17. Install SL4A. (more info)
  18. Run SL4A once so that it creates the following folders on your microSD card or create them yourself: /sdcard/sl4a/scripts/
  19. Copy droidwall-off.sh and droidwall-on.sh into the "scripts" folder.
  20. Copy screen-off.sh and screen-on.sh from the zip file attached to this post to the "scripts" folder.
  21. Copy "sush" from the attached zip file to the folder "/system/bin/" and set the permissions to "rwxr-xr-x".
    Code: 
    adb remount
adb push sush /system/bin/
adb shell chmod 755 /system/bin/sush
    Read here about why we need this file to run the scripts as root.
  22. Open Tasker -> New -> Ok -> Event -> Display -> Display On -> Done -> New Task -> Ok -> + -> Misc -> Run Script
  23. Where it says "Name" select the search button. You should see the four scripts we placed in the "/sdcard/sl4a/scripts/" folder. If not, retrace your steps to see what you did wrong. Select "screen-on.sh". Don't select the Droidwall scripts because they can't run as root as they are written.
  24. Done -> Done
  25. Repeat the steps to add a profile for when the screen turns off and "screen-off.sh". When you have both profiles, select Apply at the bottom.
  26. Now when your screen is off only the programs you selected will be allowed to use your 3G or Wifi.
  27. You no longer need to run Droidwall, but you can use it to update your droidwall-on.sh script. Don't uninstall Droidwall. If anything goes wrong and you lose all of your internet access, try deleting the scripts in the "/sdcard/sl4a/scripts/" folder, and then allowing all apps to have internet access using Droidwall.
  28. You can actually setup any number of profiles to control your firewall using location, time of day, ...etc. To do so, create the correct ".sh" file using Droidwall. Place it inside the "/sdcard/sl4a/scripts/" folder. Then add a secondary script to run your ".sh" as root. Use "screen-on.sh" as a template to create your secondary script. Then create the proper profile inside Tasker to run the secondary script. If what I just said confuses you, don't attempt to do this. You can really mess up your phone if this is done incorrectly!

Warning 1: You are running scripts as root. This can cause all sorts of problems if the scripts are written poorly or if someone/something malicious changes your scripts. Do not try to alter the scripts unless you know what you are doing. I take no responsibility if you ruin your phone. You have been warned.

Warning 2: You can't use the droidwall-on.sh script that has been created on another phone. You must create it yourself because your apps have their own unique app number assigned to them. If you ever update a program that you gave access to, you must recreate your droidwall-on.sh file using the steps mentioned above. If you do not, your app will be blocked.


To have optimal battery life, use Wifi when the screen is on and internet usage is high, and use 3G for when the screen is off and your internet usage is mostly idle. This can be accomplished by setting the Wifi sleep policy to turn Wifi off when the screen turns off. This might be the reason it is the default setting on ALL Android phones. If you want to receive calls using sipdroid or any other voip app, create a Tasker profile that disables Wifi if you are on 3G and have an incoming voip call. And then create a second Tasker profile that re-enables Wifi when your voip call is finished. Otherwise, your incoming voip call that rings over 3G will be disconnected when you answer your phone, the screen turns on, and your phone switches to Wifi. This you can figure out how to do on your own.

I hope this helps some of you. You have a smartphone and a data plan for a reason. Use it. :)
 
Last edited:
  • Like
Reactions: xips, Mobile Virgin Optimist V, jjane45 and 2 others
P

psygn

Active member
Feb 9, 2011
38
0
0
Visit site
Nice post, I'll have to check out that app.

Right now I have 3G disabled when screen is off. Does the firewall take note of which apps are traffic heavy/most active so that I can disable them?

I feel turning GPS and Bluetooth off helps quite a bit with battery life, but then again I am making assumptions based on observation. I use Tasker to turn these on when the appropriate apps that need these functions are active, and turn them off when I exit them.

I also have brightness set to very low.

I usually make it through the work day with some juice left in the phone.
 
M

mmarz

Well-known member
Mar 9, 2011
1,130
447
0
Visit site
This app doesn't track the heavy traffic users, but I'm sure some app does. I know DUmeter tells you your overall 3G and wifi usage, not sure about individual apps.
 
Last edited:
D

demonicone

New member
Apr 1, 2011
1
0
0
Visit site
work all so with execute plug in

i have been using execute plugin and it work as well thank you for this post it was just what i was looking for!
 
T

theboundless

Well-known member
Mar 16, 2011
180
14
0
Visit site
Hey Mmarz,

Thanks for your work on the battery life tests and this tasker/droidwall combo, I've used both. I had a question, I've been using an app to toggle 2g when the screen is off and auto switch back to 3g when the screen is on, its supposed to save battery life when the screen is off (1x) while keeping the ability to get push email, etc.

[APP] Toggle 2G/3G (Home widget&Tasker/Locale plugin) [v0.0.15 / 04-06] - xda-developers

What are your thoughts on it? Would it actually save battery life?
 
A

ashton4life

Well-known member
Mar 15, 2011
146
3
0
Visit site
Well I just use Tasker and set it to shut off 3G when the screen locks. My results are good, I unplugged my phone this morning at 730am and its 9:15pm now and I still have 40%. I surfed for 20 mins and used my phone for 110 mins. To me its good, plus I carry an extra charged battery just to be safe but never end up using it. Should I expect more. I use Gingerbread and so far so good. I would love to try something else if it will help but doing your 28 step program there seems a but nutty. Is there a working firewall app that allows you to block unwanted app communications with out this 28 step geek process? (No offense) . Also doesnt 3G also drain your battery while it seeks better signals as well as update apps? A smart phone that lasts the whole day and most of the night is good enough for me and my phone does it. Now if you stream movies and play videos all day then be sure to have some extra batteries or a charger with you. Well this is my 10 cents, hope it helps.
 
Last edited:
M

mmarz

Well-known member
Mar 9, 2011
1,130
447
0
Visit site
I'm glad you guys enjoy this. This has worked great for me so far because I use Tasker in place of so many other apps already. Tasker opens up a lot of doors if you take the time to learn how to use it.
 
T

theboundless

Well-known member
Mar 16, 2011
180
14
0
Visit site
Absolutely agree, tasker is an must have app for android, and it seems to be really lean and not slow down your system.

And though this setup seems long, its really not that bad when you get through it. I use root explorer to move the .sh files around, and have bookmarks on the different file locations, so when I try out a new rom setting up the Droidwall profiles again is pretty easy.

Sent from my VM670 using Tapatalk
 
J

JerryScript

Daydream Believer
Mar 8, 2011
2,055
1,559
0
Visit site
With the new permissions feature in the latest build of aospCM7, there may be some new ways of implementing a firewall.

I'm a bit nervous messing around with them blindly, any suggestions on how to proceed?
 
M

mmarz

Well-known member
Mar 9, 2011
1,130
447
0
Visit site
JerryScript said:
With the new permissions feature in the latest build of aospCM7, there may be some new ways of implementing a firewall.

I'm a bit nervous messing around with them blindly, any suggestions on how to proceed?
Click to expand...

I am happy with Froyo and aospCM7 is still too buggy for my liking. So I haven't played with that feature. I do use this app to supplement the firewall profiles I use: https://market.android.com/details?id=com.stericson.permissions

I believe it does something similar to what you are referring to. I can't see this approach replacing firewall profiles because it is an all or nothing approach to blocking a program where as the scripts posted here turn the firewall off and on with the screen. What I do use this app for is blocking most of my apps from accessing my contact list, my phone number, my texts, my phone ID number,....ect. Pretty much anything the program should have no business accessing.
 
  • Like
Reactions: jjane45 and JerryScript
T

theboundless

Well-known member
Mar 16, 2011
180
14
0
Visit site
Some light testing proves this makes a difference

Hey mmarz

I ran a few tests of my own to confirm whether or not your droidwall profiles actually work. One main thing I've been looking for from any rom is whether or not it will drain less than 1% an hour in my ideal idle test. Here's what my test entails:

1. Start the test at some point below 100%. As most people know, the drop between 100% and 99% is way too long to actually be only a 1% difference. That's why a lot of people claim "my battery only dropped 1% in 8 hours!!!", because they were starting their observation from 100%, which cannot be trusted. Who knows how much our phones actually have, maybe 104% or 105%. Anyways, the drop from 100% to 99% cannot be trusted to give consistent results.

2. Strong signal and no movement. Once again, this is ideal. Of course in normal usage, people travel about every day and jump from tower to tower, sometimes to weaker or further towers. Nevertheless for consistency I keep the phone in the same place and luckily have strong reception for both the cmda and evdo signals (btw a cool app to show both separeately is called "real signal" from kenyu73, but unfortunately for some reason it got taken off the market).

3. Avoid inconsistent drop ranges. The 100% to 99% is strangely long and inconsistent, but so are other values. For example, for some reason my phone does not have a 95%. That means that my phone drops from 96% all the way down to 94%. Now I don't think this means that there is no true 95%, because the 96% to 94% drop takes longer than other 1% drops, which leads me to believe there is a 95% level, but my battery status icon for some reason cannot read it. But in any case, I don't test through it. I only pick a range where I know every 1% drop is consistent.

4. I start the test immediately after I see a drop in a percent. The reason for this is, if you start the test immediately after pulling the phone off the charger, then in reality the percentage will go up a percent or two after you pulled it. So you might think you're starting the test by pulling it off the charger at 91%, but in reality it's charged to 93% (and you'll see it go up after a few minutes if you're looking). So I always mess with my phone until I see a drop in a percent, this ensures a more accurate charge level.

5. Test for more than 5 hours. If you try to do an ideal idle test for a few hours, its difficult to be sure about the results. Of course the 5 hour minimum is arbitrary, and the more hours tested the better. I typically test it through a nights sleep, but the more hours the better.

6. Let it sit, and don't check it for the full time.

7. After however many hours of the test, when you check it, wait until the percentage drops. If you merely turn your phone on and off real quickly, your battery percentage monitor won't have time to show the drop. Turn it on, mess with it, and in few seconds you'll see the drop.

8. 3g is on the whole time. I'm only interested in battery results with 3g on all the time, I know I can get ridiculous battery life by limiting or turning off 3g, but I need data on all the time for things like push email, google voice texts, voip etc. I think with a good phone and rom setup you should never have to turn off 3g to have good battery life.

So here are some results, some of which tested a few times:


Harmonia 1.2
93%-88% 6 hours and 29 min, 480-825 setcpu, +afterboot.sh, picasticks kernel


BumbleBee 2.3
93%-88% 7 hours and 29 min, 480-825 setcpu, +afterboot.sh, picasticks kernel


BB 2.3
93%-87% 8 hours and 40 min, 480-825 setcpu, +afterboot.sh, picasticks kernel


BB 2.3 + Droidwall profiles
93%-88% 8 hours and 30 min, 480-825 setcpu, +afterboot.sh, picasticks kernel


So it seems the droidwall profiles have saved me a whole percent more over 8 1/2 hours, which is definitely something given the low values of the percentages tested. That's probably something like a 17% increase in idle battery life. And I think if I could test longer, the difference the droidwall profiles make would be more precise.

I don't think in real world usage it is possible to approximate less than 1% a hour in idle, due to movement and switching cell towers often, many times to weaker ones or none at all (searching for a tower). But it any case, this is a test I use for roms.
 
Last edited:
  • Like
Reactions: mmarz
O

omgbathtub

New member
Apr 26, 2011
2
0
0
Visit site
mmarz said:
Some of you might have already read my threads on testing the Optimus V:
http://forum.androidcentral.com/optimus-v/71693-optimizing-battery-drain-optimus-v.html
http://forum.androidcentral.com/opt...attery-drain-optimization-tests-part-2-a.html

To sum up the conclusions:
1. The CM7 roms have a Wifi bug that drains the battery rapidly
2. Wifi consumes less power than 3G when downloading, but more power when idle.
3. 3G consumes the same power as airplane mode when idle.

Yet most of you don't believe conclusion number 3. You've set Tasker to turn off your 3G when the screen is off and have seen great battery savings. I know why...

Your installed programs are using your 3G even when the screen is off. It makes sense that you want to turn off your 3G to stop them and get better battery life, but you are punishing the wrong culprit. You may want some of your apps to occasionally update when the screen is off. You may want to use Sipdroid and get incoming calls. You may want your emails to be occasionally updated, but you don't want Google maps to constantly update the CIA to your precise location every minute. If you want to control exactly which programs have access to 3G/Wifi...

...here is what you should do:

You will need root access to do this. This will setup two script files, one to run when the screen turns off and one to run when the screen turns on. These will "enable" and "disable" the firewall. The firewall is never actually disabled. You are merely changing the rules that apply, either to give access to a limited number of apps or to allow all apps through. Because of the requirement that the scripts be executed with root access, there are actually five script files required. Two are created using Droidwall and are unique to your phone. Three scripts are attached in the zip below and are universal.
  1. Install Root Explorer or a similar app. You can also use adb.exe, but it is up to you to figure out the correct commands.
  2. Install Droidwall .
  3. Figure out which apps you want grant internet access to when your screen is off. If none, then select none.
  4. Set the rules in Droidwall and enable the firewall.
  5. Using Root Explorer to navigate to this folder: /data/data/com.googlecode.droidwall/app_bin/
  6. Copy the file droidwall.sh and place it on your microSD card.
  7. Rename it to droidwall-on.sh
  8. Open Droidwall again, uncheck all the apps you had selected, and instead check the boxes for "(any application)". This will be the profile that is applied when you actually want to use your phone and the screen is on.

    You can choose to limit access here as well, but it is safer to choose "(any application)" to for now. You can come back later and recreate a more restrictive profile once you have everything working.
  9. Apply the rules and then turn the firewall off and then back on again.
  10. It is important that the firewall is still enabled.
  11. Navigate back to the folder: /data/data/com.googlecode.droidwall/app_bin/
  12. Copy the new droidwall.sh and place it on your microSD card.
  13. Rename it to droidwall-off.sh
  14. These two script files will "enable" and "disable" the firewall.
  15. Use Gscript to test the scripts to make sure they work. Run droidwall-on.sh, and test an app you didn't give 3G or Wifi access to. It should be blocked from accessing the internet. Now run droidwall-off.sh. That same app should now have internet access. If this test does not work, go back and repeat the steps above. This is also the point where you check that all your critical apps function correctly with either script activated. You must make sure the scripts work as intended before proceeding. If you don't know how to add/run scripts using Gscript, learn.

    While you can run these scripts as root in Gscript, running them as root when the screen turns off/on is a bit harder. The following steps have to all be done in order for the scripts to be executed correctly.
  16. Install Tasker
  17. Install SL4A. (more info)
  18. Run SL4A once so that it creates the following folders on your microSD card or create them yourself: /sdcard/sl4a/scripts/
  19. Copy droidwall-off.sh and droidwall-on.sh into the "scripts" folder.
  20. Copy screen-off.sh and screen-on.sh from the zip file attached to this post to the "scripts" folder.
  21. Copy "sush" from the attached zip file to the folder "/system/bin/" and set the permissions to "rwxr-xr-x".
    Code: 
    adb remount
adb push sush /system/bin/
adb shell chmod 755 /system/bin/sush
    Read here about why we need this file to run the scripts as root.
  22. Open Tasker -> New -> Ok -> Event -> Display -> Display On -> Done -> New Task -> Ok -> + -> Misc -> Run Script
  23. Where it says "Name" select the search button. You should see the four scripts we placed in the "/sdcard/sl4a/scripts/" folder. If not, retrace your steps to see what you did wrong. Select "screen-on.sh". Don't select the Droidwall scripts because they can't run as root as they are written.
  24. Done -> Done
  25. Repeat the steps to add a profile for when the screen turns off and "screen-off.sh". When you have both profiles, select Apply at the bottom.
  26. Now when your screen is off only the programs you selected will be allowed to use your 3G or Wifi.
  27. You no longer need to run Droidwall, but you can use it to update your droidwall-on.sh script. Don't uninstall Droidwall. If anything goes wrong and you lose all of your internet access, try deleting the scripts in the "/sdcard/sl4a/scripts/" folder, and then allowing all apps to have internet access using Droidwall.
  28. You can actually setup any number of profiles to control your firewall using location, time of day, ...etc. To do so, create the correct ".sh" file using Droidwall. Place it inside the "/sdcard/sl4a/scripts/" folder. Then add a secondary script to run your ".sh" as root. Use "screen-on.sh" as a template to create your secondary script. Then create the proper profile inside Tasker to run the secondary script. If what I just said confuses you, don't attempt to do this. You can really mess up your phone if this is done incorrectly!

Warning 1: You are running scripts as root. This can cause all sorts of problems if the scripts are written poorly or if someone/something malicious changes your scripts. Do not try to alter the scripts unless you know what you are doing. I take no responsibility if you ruin your phone. You have been warned.

Warning 2: You can't use the droidwall-on.sh script that has been created on another phone. You must create it yourself because your apps have their own unique app number assigned to them. If you ever update a program that you gave access to, you must recreate your droidwall-on.sh file using the steps mentioned above. If you do not, your app will be blocked.


To have optimal battery life, use Wifi when the screen is on and internet usage is high, and use 3G for when the screen is off and your internet usage is mostly idle. This can be accomplished by setting the Wifi sleep policy to turn Wifi off when the screen turns off. This might be the reason it is the default setting on ALL Android phones. If you want to receive calls using sipdroid or any other voip app, create a Tasker profile that disables Wifi if you are on 3G and have an incoming voip call. And then create a second Tasker profile that re-enables Wifi when your voip call is finished. Otherwise, your incoming voip call that rings over 3G will be disconnected when you answer your phone, the screen turns on, and your phone switches to Wifi. This you can figure out how to do on your own.

I hope this helps some of you. You have a smartphone and a data plan for a reason. Use it. :)
Click to expand...
works perfectly!
 
M

mmarz

Well-known member
Mar 9, 2011
1,130
447
0
Visit site
Wow, nice work, theboundless! I'm impressed!

What you will find with the firewall profiles is that the more crappy apps you install the more the firewall help with battery life. More than anything though, it gives you peace of mind that at least when your phone is idle, your apps aren't uploading your private info.
 
You must log in or register to reply here.

Similar threads

B
Device Stuck At Boot After Sideloading Stock Razor Image Using ADB
Replies
0
Views
382
Google Nexus 7 (2013) Rooting, ROMs, & Hacks
bsalyers
B
A
Possible fix to copy/move issues
Replies
6
Views
639
General Help and How To
B. Diddy
B. Diddy
R
question regarding battery status
Replies
4
Views
1K
Android 13
Rosika
R
S
  • Question
Question Transferring files from phone to tablet. This one's a doozy!
Replies
2
Views
471
Ask a Question
spARTacus
spARTacus
E
Secure folder and notifications being sent to it! Advice please
Replies
5
Views
2K
Samsung Galaxy S20 & S20+ & S20 Ultra
mustang7757
mustang7757

Latest posts

Members online

Total: 1,945 (members: 12, guests: 1,933)

Trending Posts

Forum statistics

Threads
943,593
Messages
6,919,449
Members
3,159,124
Latest member
rabruslik

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom