

Connection requests can be accepted on a one-off or permanent basis. The WhisperMonitor software firewall intercepts an Android app's outbound connections and asks users to confirm whether they want to allow or block the app's network communication with a given server. This allows users to control the data traffic from their installed apps and enables them to prevent dubious apps – and their creators – from spying on their traffic.

However, the dialogue prompt isn't very helpful in terms of decision-making. A user will only be asked to confirm whether the app is allowed to contact a certain address; it is up to the user to find out whether or not this address is legitimate. The question of why a network connection is established also remains open – users can't see whether an app is downloading or sending data. The dialogue indicates only that an app has unexpectedly attempted to establish a connection.

WhisperMonitor also displays the network traffic from Android services. It has a simple rule management system which allows rules to be created on a per application basis so that, for instance, the firewall could be used to block the GPS daemon's device coordinate transmissions. WhisperMonitor can also log the addresses an app has accessed. WhisperMonitor is part of the new beta version of WhisperCore, a free security platform for Android smartphones developed by Whispersys.

WhisperCore can encrypt entire systems but requires a device to be flashed, which in turn requires that a phone first be unlocked. An installer for Windows, Linux and Mac OS X takes care of this for the Nexus S and Nexus One; additional smartphones are scheduled to be supported in the future. Whisper Systems has previously released RedPhone and TextSecure, two free apps for Android smartphones that are designed to provide more secure ways of communicating.

See also:

WhisperCore brings device-level encryption to Android, a report from The H.

(crve)