I do not know what my apps are doing. One of the reasons I root my devices is to be able to add a firewall. For some time I have used the Avast Mobile Security app, which has a firewall if your device is rooted. I’ve decided to revert to AFWall+, an open source firewall you can download from within F-Droid, the open source app store.
I’d tried AFWall+ before, but had some issues. The latest version is very clean and has, so far, worked without a hitch. The initial challenge is to get all of the permissions set up. This is a positive, though. I only turn on access to those apps that need Internet.
The first issue I ran into was when trying to access the corporate public wi-fi and it would not allow me to acknowledge the click-through access agreement.
To enable that, I had to allow both wireless and LAN access to both the Linux kernel and to either Firefox (if you’re using a browser login) or to the CaptivePortal app. That’s similar to the login functionality on an iPhone and exists outside the Web browser.
Most other apps were self-contained. The only ones that weren’t were Google apps like Newstand, which required the DRM access turned on (I think for the paid magazines, even though I only use the free content).
If you run into problems getting access after turning on AFWall+, you can activate log files in the settings. The logs will indicate which app was blocked. You can also see onscreen which apps are trying to access the Internet and are being blocked. That’s not useful for isolating a problem but it has been illuminating on seeing which apps are active when I am not using them.