by ptrinh 2776 days ago
I can just add 1.1.1.1 as the DNS server in iOS Settings. What's the difference?
5 comments

Configuring with iOS settings sends unencrypted DNS requests to 1.1.1.1 and, as a result, the sites you access can be seen in your internet traffic by people like your Mobile provider (when using mobile internet) or the local cafe (when using their WiFi) or your home ISP (when using your home WiFi).

This app enables your DNS requests to be encrypted. Your requests are still seen by Cloudflare, of course.

We try to hold on to as few logs as possible, the goal of the project is improving privacy. You can read the full policy here: https://developers.cloudflare.com/1.1.1.1/commitment-to-priv...
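The difference described in the reply above, shown with added example code that is not from the thread or from Cloudflare: the same DNS question built as a plain RFC 1035 wire message (what iOS sends to UDP port 53 when you type 1.1.1.1 into Settings), the name that anyone on the path can read straight out of that payload, and the RFC 8484 GET form that a DNS-over-HTTPS client wraps inside TLS instead. The query name and the cloudflare-dns.com endpoint are assumptions for illustration; the thread itself only names 1.1.1.1.

```python
# Added example (not code from the thread): plain DNS vs the DoH GET form of
# the same query. The query name and DoH endpoint below are assumed values.
import base64
import struct

DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"  # assumed resolver URL


def build_dns_query(qname: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Minimal RFC 1035 query: 12-byte header plus one question (A record by default)."""
    # flags 0x0100 = recursion desired; QDCOUNT=1, AN/NS/AR counts = 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return header + question


def qname_from_packet(payload: bytes) -> str:
    """What a passive observer (ISP, carrier, cafe WiFi) reads from a UDP/53 packet."""
    pos = 12  # skip the fixed header; labels follow immediately
    parts = []
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            break
        parts.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(parts)


def doh_get_url(wire: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: the identical wire message, base64url without padding,
    carried as the 'dns' query parameter of an HTTPS request (hidden by TLS)."""
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"


def decode_doh_param(url: str) -> bytes:
    """Inverse of doh_get_url: recover the wire message from the 'dns' parameter."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


if __name__ == "__main__":
    name = "example.com"  # constructed sample query name
    plain = build_dns_query(name)
    print("UDP/53 payload:", plain.hex())
    print("visible to the network:", qname_from_packet(plain))
    # RFC 8484 suggests transaction ID 0 in DoH so responses cache well
    doh = doh_get_url(build_dns_query(name, txid=0))
    print("DoH request (inside TLS):", doh)
    print("Accept: application/dns-message")
```

The point of the two functions side by side: the bytes are the same question either way, so the resolver still learns the name (as the reply says, Cloudflare still sees it), but in the DoH form those bytes travel inside an ordinary HTTPS connection and the hop-by-hop observers lose them.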
Got a follow-up question for you... have you guys integrated the iOS app into Apple's "Shortcuts" app? This app was created by a 3rd party and used to be called Workflow. Apple bought the app 2 years ago or so.

Reason I ask... I have a one-tap shortcut to turn off WiFi and Bluetooth for leaving home. Would be awesome to turn off WiFi / Bluetooth / turn on Cloudflare with a single tap as I head out the door.

I don't need the battery drain from VPN usage while sitting at home, and already have my DNS routed away from my ISP.

Thanks for the suggestion, we'll look into integrating. There shouldn't be notable battery drain from the app though, it's not a VPN in the traditional sense.
Very cool. Thanks. Yeah, in addition to the battery issue (which sounds like a nonissue based on your reply) there is the simple issue of me not remembering to turn it on / off.
That setting change only changes DNS while on WiFi. iOS offers no direct method of changing DNS while on cellular. Without something like Terminal on an iPhone, it's pretty difficult to tell which DNS is being used by the iPhone unless the phone is jailbroken. I use an app called Net Analyzer to check various networking configs. I'm not sure even the Cloudflare app is actually changing DNS. Need to do a bit more poking about to figure out what exactly is going on.

Edit: After playing around a bit with the CloudFlare app alongside Net Analyzer, DNS on cellular appears to be modified from my cell provider to what I think is the CloudFlare VPN profile on the device, with IP addresses 192.0.2.2, 192.0.2.3, 192.0.2.4.

It installs a VPN policy to do it, that's the only viable method on non-managed devices. There is another big difference as well, the app enables DNS-over-HTTPS which encrypts your DNS traffic.
Thanks! Good info. Yeah, I was able to confirm that the Cloudflare app defaulted to DNS over HTTPS. That's an improvement over my previous attempts to route cellular DNS traffic away from my carrier.

Is Cloudflare also servicing internet requests or are requests still being serviced by the cellular providers after DNS is resolved?

Cloudflare is using the NetworkExtension API purely to intercept DNS requests and nothing else. Everything happens on device and not in some remote VPN service.
Is there a performance hit vs using native carrier DNS?
Your carrier's DNS may or may not be fast depending on how it is set up and who you use. In general 1.1.1.1 is faster than any of the other public DNS resolvers, and does a lot of preemptive caching that it's likely your ISP does not. Of course, it also doesn't sell your data which is a bonus.
How do you do that for non-WiFi?
You can’t specify your DNS server at all on iOS when you’re not on WiFi.
DNS over HTTPS as well.