Android system app firewall filter


how to setup firewall filter for WiFi login page for Chrome but disallow everything else including system data? Android 4.3. Have a great day!


What is it you want to accomplish here?
Filter out ads? Only allow one app to use a data connection? Or something else?


Thx for promptness. I was charged unknown data using a WhatsApp Service package from my service provider even though there is only WhatsApp app in my Android and iPhone. Even though I got reimbursed by complaining to Consumer Council, it is too inconvenient to complain every time I got this type of charge. I tried free Android Firewall apps but problem still exist. I suspect it is phone system data that I was charged (service provider wouldn’t explain the charge). I tried Android ProtWall (free ) but problem is when I filtered out system app while allowing Chrome, phone don’t allow WiFi Login page. I suspect I need to allow some system app on top of Chrome. Your pointing me to a direction will be much appreciated. This unknown data charge happened to other USA service providers as per my Google search but I am still yet able to find how other consumers handle this problem. Have a Great Day! Sunny


Who is your service provider?
It seems weird that they would have a specific package for WhatsApp usage as normally a cell provider just provides data that you can use with any app.


Thanks for your reply. It is , If you need to know which other service providers which also provide all-you-can-use-WhatsApp-data-packages were also complained, please do let me know because official Apple community website contain such info. I appreciate your support! Thx!


That is helpful to know.
The Wikipedia page for them says that provider is 3 Hong Kong (also known as 3HK or Three HK; Chinese: 3香港)

As an American who only knows English, I don’t know a lot about Hong Kong, the providers there and how to read the provider’s Chinese web site.

There are tools like Google Translate that may help so I’ll try to see what I can find that could be helpful.


This shows same data bundler offering from providers other than HK based:

Not too sure how your info point me to right direction; so to repeat my question, I need help on which Android System Apps to allow only WiFi-login-pageyet suppress non-WhatsApp data while using public WiFi. Appreciate to be advised if I should provide more specific on my question. Thx!


Ok, I think I get what is happening here.
You have a monthly data plan with a limit on the data you can with use with all the apps on your phone with the exception of WhatsApp that is not charged the same amount as with other apps.

You want to block all apps except for WhatsApp and Chrome from using data to prevent extra charges but when you connect to a WiFi that opens a login page, you can’t access the login page which is weird because in my experience Android loads the Wi-Fi login page in the default web browser which will be Chrome unless you changed and if Chrome is allowed to use data then accessing the Wi-Fi login page should work.

If I now understand correctly, let me know so I can try to help after figuring this out.


Short version: you need to roll your own firewall.

Longer version: you need a firewall that blocks access to all web sites but a certain few. So you’d have to set up a computer and install firewall software like pfSense.

Their web site is here:

I’d suggest joining their forum here:

or the IRC chat, as described here:


The OP wants to limit access on an Android device that presumably they use when they are not at home so I don’t think pfSense will help here.


But this…

If WiFi is involved, then we’re not talking about cellular data. If cellular data is involved, then we’re not talking about WiFi.

I think a little more explanation from @sunny1 is in order, here.

Sunny1… where are you trying to log in to WiFi, and when are you trying to block non-whatsapp data? When on WiFi? When on cellular?

Please be a lot more explicit about what you’re trying to do, so people can actually offer more useful help.

However, based on what I can gather from your previous posts… I don’t think you can do what you want just using software on your phone.


When someone logs into a public Wi-Fi access point, a lot of the time, a portal page is opened first where you agree to Terms of Use or what not.
In my experience, Android will open that page in the default web browser.

After reading the OPs posts, replies and such, I think I figured out the issue that the the OP is having, I think the OP figured out a way to limit any data use on the Android device to just Whatsapp and Chrome regardless of cellular data or Wi-Fi data use and when the the OP wants to switch to using public Wi-Fi instead of cellular data, the blocking software or whatever the OP is using prevents the Wi-Fi portal page from loading so using public Wi-Fi doesn’t work when the blocking is enabled


Yeah, after re-reading his posts a couple of times, I also think that’s going on.

Any good firewall should be able to block software per interface, so you should be able say “allow a web browser to use the WiFi port. Do not allow a web browser to use the Cellular port.”

However, I have never used any firewall software on Android, and the only Android device I have right now doesn’t even have batteries in it… so I’m afraid I can’t offer any help there.

On the iPhone side, it’s even simpler… what you want probably doesn’t exist. Apple doesn’t let applications filter data on the network.

The simple solution here is to manually turn off cellular data, then manually turn off your firewall when using WiFi.


My goal is to mimimize $ with prepaid SIM & my only need is WhatsApp for data (Mom don’t know how to use SMS, otherwise I don’t need WhatsApp on data); everything else to connect via public WiFi. Because I kept changing prepaid SIMs, I end up with old :telephone_receiver: #; but some of my contacts aren’t technical enough to update my contact info when I switch to new SIM; since I wish not to lose their WhatsApp text, my solution is to have other :iphone:(no SIM) using WhatsApp with old :telephone_receiver: #s; WhatsApp on these other :iphone: will connect via WiFi hotspot from my :telephone_receiver: which has the current SIM. That’s why I wish for a Firewall app to (1) filter out all mobile data (including system & default app) except WhatsApp (2) allow login-webpage when connect to a WiFi hotspot. Google Playstore offer Firewall apps that also filter out system apps but none details the know-how for above. My challenges: (1) Some apps will not work (I was charged for non-WhatsApp data) even when on mobile data. (2) My :iphone: has Chrome as default brower and I allowed Chrome to pass thru firewall but I haven’t yet find a app to allow login-webpage. Thx for ur attention …


Text messaging is fairly simple, I would guess that she could turn how to use text messaging to avoid this issue unless she has charges for texting and WhatsApp is free.

Why do you keep needing to change SIM cards?
I would have thought that even with prepaid service, you would still only have one SIM card.
I don’t really get what is different about a prepaid plan vs a normal plain that would require changing SIMs all the time.

Yeah, I recently read that WhatApp only stores message history on one device.
WhatsApp does have a method to transfer message history between multiple devices but only if they are the same platform.

For example: You can have WhatsApp message history on a Windows Phone that you can’t transfer to Android or iOS (Which will be an issue as at the end of this year, WhatsApp will stop supporting Windows Phone so those that decide to switch to Android or iOS can not take their WhatsApp message history with them).

There is a limited amount of support for Firewall type blocking in apps that don’t have root access (which you need to hack the phone’s software to do but it’s not easy to do, could make you phone unusable if the hack goes wrong and probably will void the warranty on the device).

Android apps are run in a limited sandbox so Security Apps like a Firewall can be developed but they will not be able to match the feature set and reliability of a firewall on a router, desktop pc, laptop pc and others that provide full access to the device so the security app can do anything that it needs to do.