[g_p]

The best workaround on recent android versions (although I agree on the limitations being quite annoying) is to (ab)use the private DNS feature for this - it lets you set a custom DNS server that is used for both WiFi and cellular data.

Same is now available on iOS 14.4(?), via a mobileconfig plist/XML file.

Either use an existing public ad/tracker blocking DNS over (HTTPS, TLS) server, or host your own and enter the hostname there.

If you go down the hosting your own route, you can have a rather neat setup for managing and blocking things via a web browser - it is quite nice to be able to log in and control what's blocked.

Note - if you run an open resolver DNS server on the public internet, usual caveats apply about knowing what you are doing. You don't need to expose port 53 (UDP DNS) if you're using DoT or DoH, which should help.