I'm using ServerSocket to create a listening port on Android, so that other clients in my local network can connect to it while the phone is providing a personal hotspot. I probably can't specify the IP of the personal hotspot interface, because there seems to be no reliable way to determine this IP on Android. Therefore I bind to all IPs by creating the ServerSocket without specifying an IP.
Is it safe to assume that access to open ports is blocked by the cellular network's firewall?
Is it safe to assume that access to open ports is blocked by the cellular network's firewall?
Nothing in letting the system choose the port makes the port magically blocked by firewalls.
There might not even be an explicit "cellular network's firewall" in the first place. There might be some implicit protection due to the use of CG-NAT in many mobile networks - see Why is NAT referred to as "the poor man's firewall"?. But this is not an actual requirement for mobile networks, so there might be some which don't do CG-NAT. Or it's only done for IPv4 due to the scarcity on IPv4 addresses but not for IPv6. And, like CBHacking commented: NAT or CG-NAT does not protect against attacks from devices which are inside the same network behind the NAT.
In summary - it depends on the specific mobile provider. And it might change without notice unless it is an explicitly promised feature. Thus don't rely on it.
