// Blog
Open-Source App Blocker for Android With No Internet Permission
You install an app blocker to spend less time staring at your phone. Then it asks for your email. Then it wants Accessibility access, which on Android means it can read the text on every screen you open. Then you find out it makes money from ads, or a "pro tier," or something murkier. So now the thing you installed to protect your attention is also watching everything you do and shipping it somewhere you can't see.
Most people never notice they made that trade. An open-source app blocker for Android with no internet permission flips it. Nudge can't track you because the operating system won't let it. There's no account to create, no telemetry, no server it phones home to. The code is on GitHub under GPL-3.0, so you don't have to trust a privacy promise. You can read the manifest yourself before you install.
The hidden cost of free app blockers: you are the product
Building an app costs time. Running servers costs money. So when an app blocker is free and has no visible business model, the money is coming from somewhere. Usually one of three places: ads, a subscription upsell, or your data.
The data path is the one people underestimate. A blocker needs to know which apps you open and how long you stay in them. That is, by design, a detailed log of your phone habits. Which apps, what time of day, how often you relapse on the ones you're trying to quit. That data has buyers. Analytics firms, ad networks, and "audience" brokers all pay for behavioral signals, and "how compulsively does this person use TikTok" is a clean signal.
You don't have to assume bad intent. The point is the capability exists, and capability plus a profit motive plus zero transparency is a bad combination for something that sits on top of your entire phone.
What Accessibility permission can see (and why that's the real risk)
Almost every Android app blocker uses the Accessibility Service API. Nudge does too. It's the only reliable way to detect which app is in the foreground and draw a blocking screen over it. There's no sinister alternative hiding behind a flag. This is how the category works.
Android's own warning label says it grants the ability to "observe your actions," "retrieve window content," and read text on screen. An Accessibility service can see the contents of the apps you use, including text you type, depending on how it's built.
The permission your blocker needs is the same permission a keylogger would want. That's not a reason to avoid blockers. It's a reason to care a lot about what the blocker does with that access, and whether it has any way to send what it sees off your device.
This is the whole argument for no internet permission. An app with Accessibility access but no network access can read your screen all it wants. It has nowhere to put the data. It's a security guard who can watch the building but has no phone, no radio, and no exit. The constraint isn't a promise about behavior. It's a wall.
The StayFree story: when your blocker gets acquired
StayFree is a popular, genuinely useful Android usage tracker and blocker. It's also a useful example of why "this app is fine today" isn't the same as "this app is fine forever."
Apps change hands. Ownership transfers, privacy policies get rewritten, a free tool adds an ad SDK in version 4.2 that wasn't there in 4.1. The app you vetted last year is not necessarily the app running on your phone today. If a blocker has the internet permission and an analytics pipeline, a change in who profits from your data is one app update away, and the update installs silently.
StayFree's fine for what it is. The point isn't that StayFree is bad. The point is that any closed-source blocker with network access is one acquisition or one update away from a policy change you won't know about.
Policy vs constraint: why "we don't track you" isn't enough
Every app's privacy policy says some version of "we respect your privacy." Freedom says it. AppBlock says it. The words are free to write and impossible to verify from the outside.
There are two ways to promise privacy:
- Policy: "We could collect your data, but we promise we won't." You're trusting a sentence.
- Constraint: "We can't collect your data, because the app has no way to send it anywhere." You're trusting math.
A policy can be broken quietly, changed in an update, or ignored by a future owner. A constraint is enforced by the Android operating system on every boot, whether anyone's watching or not. No internet permission is a constraint, not a promise.
Zero internet permission, explained: the app cannot open a network connection
On Android, an app can only do things it has declared permission for. Network access is android.permission.INTERNET. If an app doesn't request it in its manifest, the system blocks every attempt to open a socket. No HTTP request, no analytics ping, no silent upload. The call fails at the OS level before a single byte leaves the phone.
Nudge does not request INTERNET. That single missing line is the entire privacy story. It's what makes Nudge a true no tracking app blocker rather than a privacy app blocker for Android that only promises good behavior. Everything Nudge tracks (which apps you open, your time budgets, your block schedules) is computed and stored locally, and there is no code path that could send it out even if someone wanted to. There's no server because there's nothing a server could receive.
This is also why Nudge has no account. Accounts exist to sync data across devices through a server. No server, no sync, no account, no login, no password to leak. Your data lives in one place: your phone.
How to verify it yourself in Android Settings before installing
You don't have to trust any of this. Android tells you what an app can do.
- Install the app (or download the APK without installing).
- Open Settings, then Apps, find the app, and tap Permissions, or App info then Permissions.
- Look for anything network-related. The system groups some permissions, but install-time permissions like internet access are visible in the full permission list.
For Nudge specifically, you can check before you even download anything. The AndroidManifest.xml is right there in the public GitHub repo. Search it for INTERNET and you'll find permissions for things like querying installed apps and the Accessibility service, but no internet access. That's the point, and you can confirm it in about thirty seconds. Once Nudge lands on F-Droid, that listing will show the same declared permission list pulled straight from the manifest, before you install.
Reading the source: what GPL-3.0 and a public repo actually buy you
"Open source" gets used loosely, so here's the concrete version. Nudge's source code is public on GitHub under the GPL-3.0 license. That gives you three things that closed apps can't offer.
First, you can read the AndroidManifest.xml yourself and confirm there's no internet permission line. It's a text file. You don't need to be a Kotlin developer to find the word INTERNET or confirm it's absent.
Second, GPL-3.0 means the published source has to match the app. The license requires that the code stays open, so a future version can't quietly close up and bolt on tracking without that change being visible in the public commit history. With a closed app, you're shown a polished store listing and nothing underneath.
Third, anyone can audit it. You personally might never read the code, but the value of open source is that someone can, and the FOSS community around F-Droid is unusually motivated to call out apps that sneak in trackers. Closed source means the only people who've seen the code are the people being paid to ship it.
No account, no telemetry, all data local: what stays on your device
Here's everything Nudge knows about you and where it lives:
- Which apps you've set delay-to-open, time budgets, or schedules for. Stored on your device.
- Your daily usage against those budgets. Computed on your device, in memory and local storage.
- Your app groups and block rules. A local config. Yours.
There's no analytics dashboard somewhere with your name on it, because there's no "somewhere." There's no crash reporting SDK quietly uploading stack traces with device fingerprints attached. If you uninstall Nudge, the data is gone, because it was only ever on your phone to begin with.
That local-first design is also why the friction features can be aggressive without being creepy. The delay-to-open pause (a breathing beat before a distracting app launches), per-app time budgets, grayscale mode, and in-app blocking of things like YouTube Shorts and Instagram Reels all run entirely on-device. The blocker is opinionated about your attention and silent about your data.
How to install from GitHub today (and what's coming on F-Droid)
If you care enough about privacy to want no internet permission, you probably already prefer these install routes anyway. Right now there are two live paths: build from source, or sideload the APK. The store listings are still in progress.
GitHub is the most direct path, and the only one that's live today. The repo is at github.com/astraedus/nudge. You can download a release APK and install it directly (you'll need to allow installs from your browser or file manager once), or build it from source if you want maximum certainty that the APK matches the code. Either way you're getting the app straight from the source, no middleman.
F-Droid is the open-source Android app store. It only lists FOSS apps, shows the full permission list on every page, and builds apps from source itself rather than trusting a developer-uploaded binary. Nudge isn't listed there yet. There's a merge request open to get it in. Once it lands, you'll add F-Droid, search Nudge, and install, and F-Droid will show you the permissions before you commit, which is exactly the verification step from earlier.
Play Store is in review, not live yet. When it lands it'll be the easiest one-tap install for most people. The tradeoff is that the Play listing won't show you the full manifest the way F-Droid does, so if verification matters to you, GitHub (now) or F-Droid (later) is the better path.
Current version is v1.5.6, built with Kotlin and Jetpack Compose. Android only. There's no iOS version and won't be one. iOS doesn't allow the Accessibility-based foreground detection and overlay approach Nudge relies on. App limits on iOS only work through Apple's restricted Screen Time APIs (FamilyControls, ManagedSettings, DeviceActivity), which is a different architecture entirely.
FAQ
Can an app with no internet permission still block apps?
Yes, completely. Blocking is a local operation. The app watches which app comes to the foreground (via the Accessibility service) and draws a blocking screen over it (via the overlay permission). None of that needs a network. The internet permission would only ever be used to send your data somewhere, which is the one thing you don't want a blocker doing. Removing it costs you nothing and removes the entire tracking risk.
Is it really auditable, or is that just marketing?
You can check it in minutes. The code is on GitHub under GPL-3.0. Open the AndroidManifest.xml in the repo and search for INTERNET. If it's not there, the app can't make network calls, full stop. You can also check the declared permissions in Android Settings after install, or on the F-Droid page before install. "Auditable" here means the claims are falsifiable, not that you have to take them on faith.
Can a FOSS app blocker match Freedom or AppBlock?
For the core job (blocking apps, setting time budgets, adding friction), yes. The table below compares Nudge against Freedom, AppBlock, StayFree, and DigiPaws. Freedom and AppBlock win on iOS support and cross-device sync. Nudge wins on being a free, no-account, no-tracking app blocker with the hard guarantee of zero internet permission.
| Internet permission | Account required | Open source | Price | Platform | |
|---|---|---|---|---|---|
| Nudge | None | No | Yes (GPL-3.0) | Free, no tiers | Android |
| Freedom | Yes | Yes | No | Limited free, then paid | Android + iOS |
| AppBlock | Yes | Optional | No | Free with paid pro | Android + iOS |
| StayFree | Yes | Optional | No | Free with ads / paid | Android |
| DigiPaws | None | No | Yes | Free | Android |
Freedom and AppBlock are polished and cross-platform, and if you want iOS support or sync across devices, they're reasonable picks. DigiPaws is the closest in spirit: also open source, also free, and it skips the internet permission too, with a more gamified, mode-based take on building friction. Nudge's specific edge is the combination, and the calmer design behind it: open source, no account, completely free with no paywalled features, and the hard constraint of zero internet permission that none of the closed options can match. If you want a fuller breakdown, see our rundown of free Android app blockers for 2026.
Will the no-internet-permission guarantee break in a future update?
It can't, quietly. Because the source is public under GPL-3.0, adding the internet permission would mean a visible change to the AndroidManifest.xml in the commit history. With a closed app, that change happens behind a wall and installs in a routine update. With Nudge, it would be on the record. An Android app blocker without an account and without network access has nothing to silently flip.
If you want an app blocker that physically can't sell your phone habits, this is it. Read the code, check the manifest, and either build from source or sideload the APK from GitHub today. The F-Droid and Play Store listings are in progress. It's free, it's Android, and the privacy claims are things you can verify rather than promises you have to believe.