This has been a long-standing issue with Android, that no matter how much you want it to use internal DNS servers only, it'll decide to flip to cell and use those as it needs/wants. I've observed adb debugs for times recently to see why/when wireless was disconnecting, and it comes down to liveliness checks that if it can't see or resolve something, it'll simply bring up and try the cell data to do so.
It's especially frustrating when internal DNS records that only live internally will randomly not work on a phone. I can see that the device is on Wi-Fi that is feeding internal DNS servers with the records, but it's resolving externally still for some Android reason. This happens on my SO's phone when using things all the time, but I really don't use my phone in the house except to read books and rarely notice.
No idea how Apple is about this, but the fact they try to proxy everything you do via their "privacy" VPN by default including DNS as DoH, I can't imagine it is any better trying to use what they'd see as a competing product, and we know how Apple feels about those.
Apple (or iOS) actually has a robust built-in way to filter and block traffic using configuration profiles. I’m uncertain if you can configure it per-app, but you can definitely whitelist/blacklist hostnames. For an example of this in action, check out this system-wide ad blocker https://myxxdev.github.io/depictions/MYbloXXforiOS/MYbloXXfo...
In my limited experience, when mybloxx (very rarely) has a problem, it blocks all network access and I have to go in and “reset iOS connection cache” or “reset mybloxx”, two separate options in mybloxx that I’m unsure of what they do behind the curtain.
I hope someone who is more knowledgeable about the configuration profiles can give you a definitive answer.
I could have sworn there was source for it a few years ago but looking again I can’t seem to find it. I think the dev might have taken it down because others were reusing his code according to r/jailbreak.
Anyway I do trust the developer, he’s been at it a number of years working on this thing, and most importantly it really does work well, blocking the most ads vs other blockers. He’s obviously not a web dev and the jailbreak scene is kind of scrappy so I can forgive the website. Look past the formatting and see what’s there. If you want to use the method but not run any code you can manually supervise your idevice but you have to back up / wipe / restore in order to do it on stock iOS. The PAC scripts are open source and you can self-host them if you’re truly paranoid.
I built AOSP from source. It's supposed to be devoid of any Google-specific requirements. I went out of my way to block as many Google servers as I could in the hosts file just to ensure it wasn't phoning home.
As far as I can tell the only issue I ran into was that despite being connected to a working wireless access point, the device reported I had no internet. It still worked, but it seems for the purposes of the status bar icon, and whatever other underlying system code, it was using a Google server to verify internet was working.
I would just stay far away from Android if you value your privacy, and probably tech altogether.
That would be a pretty expensive mistake considering iOS also has VPN leaking issues that have been reported but unfixed for what, years at this point?
Nope, any phone with a cellular modem ships with unreplaceable firmware that is likely used to spy on you. Failing that, many governments field the capability to forcibly reroute cellular traffic over backdoored networks. You could be using a PinePhone with PostMarketOS and still get wiretapped in any number of ways.