11

I recently found that my friend is using wifikill apk on his rooted Android and I would like to get rid of that software as I always get kicked from my wifi. I have to give him the password of my wifi but he has been doing such things and I am pretending like I don't know.

Is there any way that I can make his wifikill not work in my router and in my network?

schroeder
  • Turn off the wifi router and plug your phone into the modem – DotNetRussell May 27 '15 at 18:05
  • 6
    Change your Wi-Fi password – Neil Smithline May 27 '15 at 18:13
  • 13
    If your friend is abusing your wifi connection, he has breached your social contract of cooperative use of a shared resource. Change the wifi password and drop his access to your wifi. – schroeder May 27 '15 at 18:20
  • 1
    What you can do to make another attack harder is the following: change the SSID name; change the channel; change from 2.4 GHz to 5 GHz if you can; change the password to something completely different than what it was. This would invalidate all his known connections and history in his phone, and just do not give him any access anymore. – LvB May 27 '15 at 19:13
  • Apparently this is an ARP spoofing/DoS attack that depends on being connected to the network (as opposed to a deauth attack against which I don't know any good solutions so far). Change the WPA2 key and that's it, or create a second network for him to play (alone) while you stay on a different network he has no access to. –  May 27 '15 at 20:17
  • 7
    My solution would be using a large object to hit the room mate with, but that is my solution. – Wayne In Yak May 28 '15 at 15:38
  • 1
    @WayneInYak: Would the router count as a "large object"? – curious_cat May 28 '15 at 17:09
  • @curious_cat I prefer something with my heft. I keep an 8 pound sledge hammer in the garage when things need persuasion. – Wayne In Yak May 28 '15 at 17:37

2 Answers

22

WifiKill uses a simple ARP spoofing, i.e. it floods all the devices on the WLAN and attempts to impersonate the access point.

There is nothing you can do on your device as is (rooting changes matters: see below) - you would need to deploy an IP filter on the same, and drop all ARP packets. This would prevent you from talking to any device in the WLAN. To be able to do that again you would need to manually prime your device's ARP cache with values you know to be correct (a.k.a. static ARP entries).

Social engineering

You could ask your roommate to quit being a jerk, and/or establish some acceptable usage policy and/or timetable. Why does he need to use WiFiKill? Does he need to?

But supposing you don't want, or can't, get him face to face... and assuming you do have the right to the connection, i.e., it is (in part at least) your access point and Internet connection, not his... there are ways.

You can start making life difficult for him, and have him perceive it is caused by his behaviour, without ever saying so. For example: you can start complaining about your unstable access point and begin resetting it to factory defaults every now and then. Change your WPA key and give it to him again, saying you had to reset the blasted thing yet again ("it keeps disconnecting"). He (and you too) will then have to reinsert the key. After some time, he will come to understand that every time he uses WFK, he gains a few minutes' full bandwidth... and then no bandwidth, and a whole evening of listening to you whining and ranting about unreliable hardware.

You might start spawning conspiracy theories by asking him whether it is likely that there's an incompatibility between your (not his!) phone and the AP, or start noticing unlikely coincidences ("Every time the microwave starts, the connection drops"). After a while grasping at straws, you can latch on the real coincidence ("The network disconnects me only when you are home") and suggest he takes his phone to the shop for a repair. This will reassure him that you accuse him of no wilful wrongdoing -- but at the same time it will be clear that you're onto something. This could be a minimally confrontational way of clearing the air. You can tune the "coincidence" you notice, in order to try and work out a compromise ("Probably when you play online games on your phone a weird combination of bandwidth, access point chip brand and magnetosphere resonance disconnects my phone. Not anyone's fault, but still -- can you tell me when you're going to have a long gaming session?").

The same approach can be used to drive home economic threats ("We need a new wireless access point with a stronger antenna. I found one for $180 -- if this AP reset I'm going to try does not work, we'll need to think about purchasing a new AP. How much could you contribute?").

Android apps protecting from WiFiKill (root may be required)

I am far from sure since I haven't tested it personally, but this seems to be what applications like ARP Guard, ARPProtect or WiFi Protector do. The latter explicitly mentions WiFiKill. Downside: to fully protect a device you need to tamper with its network stack at a low level, so defense needs root too.

iOS

I have no experience on iOS (editing is welcome!), but there are hints that iOS7 employs some ARP spoofing mitigation techniques - possibly slow-caching, glean-refusal, gratuitous-refusal or others. Owners of iOS7 devices might have nothing to worry about.

Built-in access point protection (and its drawbacks)

There is also another way, but it depends on the access point.

Some access points have a special mode of operation - sometimes called "Private Mode", "Client Isolation", "Guest Mode" or "Privacy" - whereby, however large the pool of devices connected to the AP, you only see yours. You cannot "talk" to the other devices. The AP will accept packets from you to it, and not forward any other except for NATting you on the Internet.

This allows e.g. users in a café to be relatively safe against their neighbours' curiosity - you might have a totally open system with services exposed on your laptop, but when you're connected to a private-mode AP nobody else can see them.

I believe that an ARP spoof in such a setup would silently fail. The downside is, not all access points support this.

VERY IMPORTANT: if you have any WiFi device you need to access, e.g. a WiFi printer, it will not work in Privacy Mode, and it might still not work if connected via ethernet cable to one of the Ethernet ports some "APs" have. If this is the case, you might have to query the shop for the exact AP's features, or give up on this possibility.

UPDATE: some even fancier Netgear APs have the option of excluding a sub-pool of IPs from privacy mode. So you can have the AP as 192.168.1.1, the WiFi printer and DLNA servers as .2 and .3, use DHCP to assign addresses from .8 to .254 to newcomers. Your being assigned 192.168.1.34 will tell you that there might be (or have been) other (33-8) = 25 devices connected, but you will only ever "see" and be able to harass .1, .2 and .3.

ARP filter on AP

Several access points have the feature of filtering ARP in various ways. This can occasionally break other technologies, notably iOS AirPrint, that rely on ARP "openness", but it may be worth pursuing. On some systems this goes under "bandwidth protection".

Most APs based on Atheros AR5002G should either have the feature available, or it can be activated with the appropriate hack (see below).

Adding protection to the AP if not built-in (not for the faint-hearted)

If you're feeling adventurous and your AP supports it, you could try and flash it with a version of DD-WRT supporting client isolation or some flavour of ARP filtering.

Or you can say that you've had it with your faulty AP that always disconnects, and you buy a new AP which already has, and accidentally comes already configured with, Privacy Mode and/or ARP filtering.

A different approach, again AP-based

Another possibility, also available on some APs but not all, is the "split SSID" or "Twin SSID" mode. In this mode the AP publishes two SSIDs, with different keys. In some APs you can also set the bandwidth limitation for one or both networks. You can then get even with your "friend" by copying the current SSID and key to the guest or low-bandwidth connection, then giving the other SSID the name of your neighbours' daughter or pet. Of course, if he gets suspicious, a little investigation will reveal the truth.

In general

Several techniques are available to protect against ARP spoofing. There are some silver bullets, but they're not ubiquitous. The historical (and arguably outdated) tendency was to glob any ARP information you came about, and use it to improve network performance. This is an effective strategy, as long as you can trust that ARP information. Otherwise you need to only consider information you requested, and possibly refuse it if it looks suspicious, if the context seems fishy, or if some extra checks fail to deliver. To do so, of course, introduces a delay.

LSerni
  • 1
    Adding on to this already great answer, instead of playing with configurations that may or may not be in your current router, you can actually get a second router and plug it into the first. Routers have 4 ports for LAN and 1 port for WAN. Thus you can go R1(Wan)-->(LAN)R2(WAN)-->(ISP) ... this would allow you to have a WIFI for him to do whatever he wants with ... and can't affect yours ... and you could even throttle him via R1's MAC address if you want (he kinda deserves it). – CaffeineAddiction Sep 28 '16 at 13:57
  • This is a clever solution; similar to the Twin AP in concept, but way better because it works straight out of the box, and more *scalable* too (you might even install *more* than two APs for different purposes). – LSerni Sep 28 '16 at 14:09
  • you are more than welcome to steal it – CaffeineAddiction Sep 28 '16 at 14:11
1

What about a static ARP entry? Your access point's MAC is not going to change so why not associate that MAC with the gateway IP using a static entry.

Not sure what OS you are using, but on Linux systems there used to be an arp command that let one do that. If you are on your cell, not sure if you can use such a low level command unless you root your phone.

I'm not 100% sure if this will work but I think it will.

OTOH, for just keeping a watch on people like your evil roomie, there used to be a tool called arpwatch that will keep track of arp entries that change the IP-MAC association and then flag that as suspicious.

curious_cat
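
Added example, not from either answer: a minimal arpwatch-style monitor in Python that pins the gateway's IP-to-MAC binding (the static-entry idea) and accepts only replies the host itself requested (the "only consider information you requested" policy from the first answer), run over constructed ARP payloads. The class and function names, the addresses and the MACs are made up for illustration, and live packet capture is left out.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
GW_IP, GW_MAC, SPOOF_MAC = "192.168.1.1", "02:00:00:00:00:01", "02:00:00:00:00:66"  # constructed

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip) from a 28-byte ARP payload."""
    htype, ptype, hlen, plen, op, sha, spa, _, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

class ArpMonitor:  # pinned entries behave like static ARP entries
    def __init__(self, my_ip, pinned):
        self.my_ip, self.pinned = my_ip, dict(pinned)   # pinned: never overwritten by traffic
        self.learned, self.pending = {}, set()          # accepted bindings / IPs we asked about

    def observe(self, payload):
        """Return the list of alerts raised by one ARP payload."""
        op, mac, ip, target = parse_arp(payload)
        if op == 1:                                     # request: remember our own questions
            if ip == self.my_ip:
                self.pending.add(target)
            return []
        alerts = []
        known = self.pinned.get(ip) or self.learned.get(ip)
        if known and known != mac:                      # arpwatch-style binding change
            alerts.append(f"CHANGED {ip}: {known} -> {mac}")
        if ip not in self.pending:                      # reply nobody asked for
            alerts.append(f"UNSOLICITED reply for {ip} from {mac}")
        elif ip not in self.pinned and not alerts:
            self.learned[ip] = mac                      # accept only requested, consistent data
        self.pending.discard(ip)
        return alerts

def build(op, sha, spa, tpa):  # constructed sample payloads, not captured traffic
    to_ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sha.replace(":", "")), to_ip(spa), b"\0" * 6, to_ip(tpa))

def demo():
    mon = ArpMonitor("192.168.1.34", {GW_IP: GW_MAC})
    frames = [build(1, "02:00:00:00:00:34", "192.168.1.34", "192.168.1.3"),  # we ask for .3
              build(2, "02:00:00:00:00:03", "192.168.1.3", "192.168.1.34"),  # solicited answer
              build(2, SPOOF_MAC, GW_IP, "192.168.1.34")]                    # forged gateway reply
    return [mon.observe(f) for f in frames], mon

if __name__ == "__main__":
    print(*demo()[0], sep="\n")
```

The forged gateway reply raises both alerts and the pinned binding stays untouched, which is the behaviour a static ARP entry gives on the host itself.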