Divested-Mobile / Mull-Fenix

Build scripts for a web browser built upon Mozilla technology
https://divestos.org/pages/our_apps#mull
GNU Affero General Public License v3.0

ESET Anti-Phishing - "No supported browser installed" #172

Closed Obegg closed 1 year ago

Obegg commented 1 year ago

I'm using ESET Anti-Phishing feature on my phone and it works fine with Firefox, but with Mull it doesn't work.

SkewedZeppelin commented 1 year ago

https://divestos.org/pages/broken#mull

Mull has strict certificate pinning. If you are using a proxy or VPN that does HTTPS manipulation, you'll encounter a "Secure Connection Failed" error. Navigate to about:config and change security.cert_pinning.enforcement_level from 2 to 1; this is, however, a security and privacy risk.

I strongly do NOT recommend letting such an app MITM your traffic.
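The effect of the two enforcement levels mentioned above, as an added example (not code from this thread, Mull or Firefox): a simplified model of the pin decision for a host that has a pin set, run against constructed chains. All names and key bytes are hypothetical stand-ins, and normal chain validation is assumed to have already succeeded.

```python
import base64
import hashlib
from dataclasses import dataclass

# Values of security.cert_pinning.enforcement_level (Firefox/Gecko pref).
DISABLED, ALLOW_USER_MITM, STRICT = 0, 1, 2

@dataclass
class Chain:
    spkis: list            # constructed stand-ins for each cert's public-key bytes
    root_is_builtin: bool  # False when the trust anchor was added by the user or an app

def spki_pin(spki: bytes) -> str:
    """Base64 SHA-256 of a public key, the usual form of a key pin."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def pin_decision(chain: Chain, pinset: set, level: int):
    """Return (accepted, reason) for a chain that already passed normal validation."""
    if level == DISABLED:
        return True, "pinning disabled"
    if level == ALLOW_USER_MITM and not chain.root_is_builtin:
        return True, "user-added root, pins not enforced"
    if any(spki_pin(k) in pinset for k in chain.spkis):
        return True, "pin matched"
    return False, "pin mismatch"

# Constructed sample data: no real keys or hosts.
PINSET = {spki_pin(b"pinned-intermediate-key")}
GENUINE = Chain([b"site-leaf-key", b"pinned-intermediate-key", b"builtin-root-key"], True)
INTERCEPTED = Chain([b"proxy-leaf-key", b"local-filter-root-key"], False)
MISISSUED = Chain([b"rogue-leaf-key", b"other-builtin-root-key"], True)

def run_matrix():
    """Evaluate each sample chain at levels 2 and 1."""
    chains = {"genuine": GENUINE, "intercepted": INTERCEPTED, "misissued": MISISSUED}
    return {(name, lvl): pin_decision(c, PINSET, lvl)[0]
            for name, c in chains.items() for lvl in (STRICT, ALLOW_USER_MITM)}

if __name__ == "__main__":
    for (name, lvl), ok in run_matrix().items():
        print(f"level={lvl} {name:<12} {'accept' if ok else 'REJECT'}")
```

At level 1 the chain from a locally installed filtering root is accepted without any pin check, while a mis-issued chain from a built-in CA is still rejected; level 2 rejects both.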

Obegg commented 1 year ago

> I strongly do NOT recommend letting such an app MITM your traffic.

Can you explain why? I really don't see a reason why not, it's supposed to protect me, so I would like to learn more.

SkewedZeppelin commented 1 year ago

Because you have to rely on:

These points are not specific to ESET; they apply to any software performing such actions.

Obegg commented 1 year ago

Great points there, truly new information for me, I am quite the newbie and am willing to hear other opinions/facts.

Yes, some anti-virus companies are not great and some have stories about them doing some bad things, sure, but according to the DOCS you mentioned "HTTPS manipulation" - I'm sure there are some phishing sites that use HTTPS, so.... that's the confusing part for me, because even if Mull does block HTTP connections (unless I misinterpreted this, because I know there's a feature called HTTPS Only Mode in Mull [and Firefox]) there are phishing sites that use HTTPS, so it doesn't mean you can disable the Anti-Phishing feature, the "protection" Mull provides is not against Phishing.

I guess you know what you are talking about (obviously you have no reason to lie, and you did teach me some new things), so I think I can trust you, what is the ideal solution for this case? What would you do? Do you even need Anti-Virus in your phone? (yes, those questions are from your perspective), while you can protect yourself from Phishing URLs since you only visit PayPal or whatever, what about Anti-Virus in general, the kind that only scans the apps you installed on your device? I guess this could be somewhat off-topic, I'm not sure, but I would like to get your opinion on the matter.

Currently I uninstalled my Anti-Virus since I never discovered any viruses, and I do know not to click on suspicious URLs.

Mr-Bajs commented 1 year ago

To my understanding, apps on Android are quite well sandboxed; they can't communicate with each other. Viruses and malware get installed by the apps you actively install on Android, but since the apps are sandboxed the damage they can do is limited. The security issues with Android are more about data collection and unnecessary permissions the apps request. Using apps that are open source is a defence against malware, but as with anything, no guarantees. As the code is open, malicious code is less likely to get passed into the software. Data collection of apps gets leaked and leaked all the time, so even if you don't think that the data is anything you care about, the data has a high risk of leakage and will make you an easier target for malicious actions, now or even years in the future. That's my take on it.

I don't use antiviruses. And I'm no security or Android expert at all. You can choose a DNS provider in system settings that does some filtering of malicious sites; the default is probably good enough.

SkewedZeppelin commented 1 year ago

> what is the ideal solution for this case

You can block malware and phishing websites without letting an app on your phone MITM connections, see DNS based services such as:

> Do you even need Anti-Virus in your phone

Noting the bias of having my own anti-malware app, I honestly think they are not necessary at all on Android. Keeping your system and apps updated and not installing random apps will go a long way.

Obegg commented 1 year ago

> You can block malware and phishing websites without letting an app on your phone MITM connections, see DNS based services such as:

I actually use Pi-Hole

Obegg commented 1 year ago

Thank you all for answering my questions and participating in the discussion. I think I'll close this issue for now; I got my answer in the first reply and I was curious to hear other people's opinions. Every day you learn something new. I'm grateful, and keep doing great work with Mull, love it.

SkewedZeppelin commented 1 year ago

@Obegg but does your pi-hole work when you are not at home?

And even then, I'd still recommend using such a DNS as the upstream for your pi-hole, unless you're already running your own recursive resolver.

Obegg commented 1 year ago

> but does your pi-hole work when you are not at home?

No, but I can VPN to my home network, so no issue

> And even then, I'd still recommend using such a DNS as the upstream for your pi-hole, unless you're already running your own recursive resolver.

I did use cloudflared (way back when there wasn't any need for registration), and then they changed it so it became complicated for me so I switched to unbound, I did find it super slow, I could feel the difference, for now I stick to Cloudflare (1.1.1.1, 1.0.0.1 and the IPv6), super fast, and by their policy there's no logs or something like that, so I'm somewhat happy.

SkewedZeppelin commented 1 year ago

If you're using Cloudflare, they do actually have a malware blocking variant at 1.1.1.2/1.0.0.2

Obegg commented 1 year ago

I did not know this, wow, ok, that's cool, but I don't think I'll switch to it since I do have many adlists, yes, many, that block around 2M URLs, some ads, some analytics, some malware, it's mixed, and additionally I have a firewall on my unifi router, I've set it to "high" (35 out of 35 security detections), I have no idea how that compares to the CloudFlare malware block variant at 1.1.1.2, but I think they use the same blocking URLs that I use for Pi-Hole, this seems reasonable, or alternatively they could be blocking the same things that my router firewall is blocking, I'll need to search about it, it does sound interesting.