by 49bc 2944 days ago
Last time I looked at a “system-wide” adblocker, it was just a VPN service that proxied your traffic (not just DNS) through a who-knows-what server. That seemed really sketchy to me, and I doubt most users knew the implications of it.
3 comments

You may have looked at a bad one.

System-wide blockers on both iOS and Android do use the VPN API, but the idea is to intercept your outgoing traffic on the TUN interface, emulate the TCP/IP stack, and filter it locally, right on your device.
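
Added example, not part of the thread and not any particular app's code: a sketch of the local filtering decision described above, applied to raw IPv4 packets as they would arrive from the TUN interface. It covers only UDP DNS queries (a real blocker also emulates the rest of the TCP/IP stack); the blocklist entries, function names and sample packets are constructed for illustration.

```python
import struct

BLOCKLIST = {"ads.example.net", "tracker.example.org"}  # constructed sample entries

def dns_qname(packet: bytes):
    """Return the queried name if packet is an IPv4/UDP DNS query, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                   # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 20:
        return None                                   # not UDP, or no room for UDP+DNS headers
    if struct.unpack_from("!H", packet, 6)[0] & 0x3FFF:
        return None                                   # fragment: cannot parse in isolation
    if struct.unpack_from("!H", packet, ihl + 2)[0] != 53:
        return None                                   # destination port is not DNS
    dns = packet[ihl + 8:]
    flags, qdcount = struct.unpack_from("!HH", dns, 2)
    if flags & 0x8000 or qdcount < 1:
        return None                                   # a response, or no question section
    labels, pos = [], 12
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        if n > 63 or pos + 1 + n > len(dns):
            return None                               # compression pointer or overrun
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    return ".".join(labels) if pos < len(dns) else None  # None if terminator is missing

def is_blocked(name: str) -> bool:
    """True if the name or any parent domain is on the blocklist."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def verdict(packet: bytes) -> str:
    """Decide locally, on the device, what to do with one outgoing packet."""
    name = dns_qname(packet)
    return "block" if name is not None and is_blocked(name) else "forward"

def sample_query(name: str) -> bytes:
    """Build a constructed IPv4/UDP DNS query packet (checksums left at zero)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 2]), bytes([192, 0, 2, 53]))
    return ip + udp
```

Nothing in this decision path needs a remote server: the packet is parsed and the verdict reached on the device, which is the difference from a VPN that proxies traffic elsewhere.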

How do you know which one the app is doing? From my perspective the VPN was “on”.
The easiest way would be to visit a website like "whatsmyip" and check that your IP address stays the same.
Not perfect, but you could connect to wifi, and look at the connections the phone makes.

Of course, it could change its behavior if it detects a cellular connection...

A better way would be to download the app and reverse engineer the binary.
And do that every single time there’s an update?
Or download an open source version on F-Droid.
Exactly. It's a VPN in name only, and the only reason is to route traffic to be able to bypass the security features in the OS.
They are actually local VPNs looping back to your device. That's the only way to change DNS servers when on cellular data. Until Android P, which will finally allow that.
Would it be possible to skirt these policies by having a system-wide ad blocker that's only partially configured? Either the user has to modify their system settings to use the local VPN or take some action to load or enable the blocklist.
The ones I have used on Android just use the /etc/hosts file.
Those ones need root. The VPN ones are there to bypass this requirement.