I may have overlooked something, but as far as I can tell, in order to block trackers and in order to block network access for specific apps the only solution is to use a blocking app that acts as a VPN? That makes it a non-solution for me at least, 'cause a VPN is essential to me. The only other option I know of is AFWall, which requires root, and which seems to have quite some issues.
What would be the best solution? It seems to me that what we really want is to:
- patch the system DNS resolver to support a blocklist allowing users (apps) to pull from the popular blocklists (Pi-hole, et al.) and push to the system resolver.
- support a file that lists hostnames or IP address ranges to block via iptables (the hostnames would be re-resolved periodically) so one can block services that are accessed directly via IP address.
- have a way to block network access on a per-application basis (in /e/ v1-q I don’t see a way to do that and I fear that denying the permission will cause apps to error out; I’d rather null-route the packets)
Am I missing something? Making it too complicated?
Hmmm, for #1 it seems possible to run dnscrypt-proxy on Android and I know that I can easily feed good ad/malware blocking lists into that (that’s what I do on my home router).
Edit: #3 can be done in the settings: Settings->apps-> ->Data usage->deactivate all data sliders
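
For the blocklist idea in #1, here is an added example (not part of the original post, and not code from dnscrypt-proxy or /e/) that normalizes hosts-style, adblock-style and plain-domain blocklist lines into the one-name-per-line form a dnscrypt-proxy blocked-names file takes. It relies on a bare name there also covering its subdomains, so redundant subdomain entries are dropped; the function names and the sample list are constructed for illustration.

```python
import re

# Constructed sample input mixing the formats popular blocklists use.
SAMPLE = """\
# constructed sample, not a real list
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # inline comment
127.0.0.1 localhost
||metrics.example.org^
cdn.ads.example.com
example.net
Not a domain!
"""

_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")
_SINKS = ("0.0.0.0", "127.0.0.1", "::", "::1")
# Names hosts files define for the device itself; blocking them breaks things.
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

def parse_line(line):
    """Return the domain named by one blocklist line, or None."""
    line = line.split("#", 1)[0].strip().lower()
    if not line or line.startswith("!"):        # blank or adblock comment
        return None
    m = re.match(r"^\|\|([^\^/]+)\^$", line)    # adblock form: ||domain^
    fields = line.split()
    if m:
        cand = m.group(1)
    elif len(fields) == 2 and fields[0] in _SINKS:  # hosts form: IP domain
        cand = fields[1]
    elif len(fields) == 1:                          # plain domain
        cand = fields[0]
    else:
        return None
    cand = cand.rstrip(".")
    return cand if cand not in _SKIP and _DOMAIN.match(cand) else None

def to_blocked_names(text):
    """Deduplicate and drop names already covered by a blocked parent."""
    domains = {d for d in map(parse_line, text.splitlines()) if d}
    kept = set()
    for d in sorted(domains, key=lambda name: name.count(".")):
        labels = d.split(".")
        # Every parent zone of d, excluding the bare TLD.
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & kept:
            kept.add(d)
    return sorted(kept)

if __name__ == "__main__":
    print("\n".join(to_blocked_names(SAMPLE)))
```
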