TrackerControl (trackercontrol.org)
151 points by duck on Sept 10, 2021 | 34 comments



Recommended this yesterday to someone here. It is an Android app that lets you choose, per app, which outgoing connections are allowed. Comparable to uMatrix in the browser, but selection is less fine-grained. Pretty eye-opening. If you value your privacy, give it a try.


I've been using NetGuard (https://netguard.me/) for this purpose for a few years now - works great for blocking apps off from the internet entirely but is/was a huge battery drain filtering all connections (blocklisting). Will definitely give this a go!

Edit: looks very much like this is based on Netguard or borrows some of its code - near identical settings/etc.


You might have known already, but for those who don't: NetGuard is very configurable; it can log just network access or do packet-level filtering, and although it obviously increases the battery usage, Android misattributes battery usage of apps which access the network to NetGuard.


I've used it for a few weeks. Aside from a single crash it's been great. Some apps you have to disable monitoring if they don't work with it, but I'd rather be able to do that on a per-app basis than having the floodgates open.


Note that only the version on F-Droid actively blocks tracers; the Play Store version can only track them.


But who is tracing the trackers tracking the tracers?


This is a neat concept but worth noting that any app that uses local VPN to analyze network traffic is technically doing a man-in-the-middle on your SSL / TLS data. It's not necessarily a problem but you have to be damn sure you trust the app, so it's great that this is open source.


Not really. From the website:

> Contrary to similar solutions, this application does not intercept SSL connections, minimising privacy risks and allowing for usage on unrooted Android devices. Only the meta data about network communications is logged, and displayed to the users.


If you have root, you can use AdAway to modify the hosts file to use any blocklist you want.

If you do not, you can use a personal DNS server (or a service) to modify the blocklists.

I just simply don't get the VPN based approaches.


Unlike using a DNS or host file, with TrackerControl you can apply rules per host and/or per app, even block an app from using the internet at all. Also, one can log all the traffic and classify it per app, so it gives a lot of insight into which apps are communicating in the background and how often.

Note that the VPN that TrackerControl uses runs fully on the device (and TC itself is open source) so there is no need to trust any additional third-party servers.


For Android, the VPN API is simply the only official and best-supported way of intercepting app traffic. Everything else requires root to mess with iptables, etc.


Some apps will use a pinned/hard-coded DNS server to avoid your DNS-based blocklists... a VPN sees all.


Can you give an example of how this is implemented?

I would love to test the VPN blocker with some PoC.


WhatsApp sends out DNS probes to 8.8.8.8 unencrypted (TrackerControl does trap and proxy these).

And spyware SDKs like InMobi and Gamooga do DNS over TCP which almost all apps on Android leak (but TrackerControl does not).

Telegram does its own DoH (?). Instagram does hardcode some of its IPs, not all (TrackerControl has no mitigation for these).

Disclosure: I co-develop a similar app to TrackerControl


NextDNS uses the VPN API to route all DNS traffic through it.


Been using this for some time now, after my Blokada became unstable and Netguard wanted money for blocklists. TrackerControl does the job well with a reasonable interface for making exceptions. They could be a bit more fine grained and I don't always agree with the categories but that's acceptable. Every once in a while the app crashes in the background and blocks all traffic, but less often than Blokada.


I use DNS66 to disable das lookups. Quite equal to pi.hole


Combined with energized lists, this is the best option if you don't want to mess your phone with roots.


It's a great app but unfortunately some anti-malware solutions trigger on it because it contains some indicators of other malware (as it tries to block them). They are in plain text so other antimalware scans pick it up and block it. I wish I could use it but my work requires the antimalware.


Setting up NextDNS delivers similar functionality and can be used on all of your devices.


NextDNS (the resolver) is not equivalent to using an app (a client) like TrackerControl.

NextDNS (the resolver) cannot prevent apps from doing their own DNS, or prevent apps from connecting to preset IPs. Only if the queries reach the resolver can NextDNS act upon it / track it / block it.

Also, apps like TrackerControl can do per-app blocking, just like LittleSnitch / LuLu and Glasswire do on macOS and Windows respectively.

For some background on what apps like TrackerControl could potentially protect against, see: https://github.com/celzero/rethink-app/issues/301#issuecomme...

Disclosure: I co-develop a FOSS app similar to TrackerControl and a FOSS alternative to NextDNS.
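
Added example, not part of any comment in this thread and not code from TrackerControl or NextDNS: a sketch of how a per-flow log (the view an on-device VPN firewall has) exposes the traffic described above that a DNS-only blocklist never sees, namely apps using their own resolver over UDP or TCP port 53, likely DoH, and connections to IPs that were never looked up. The `Flow` record shape, the resolver address, the DoH IP list and the sample flows are all assumptions made for illustration.

```python
from dataclasses import dataclass

SYSTEM_RESOLVER = "10.0.0.1"                       # assumed: the resolver the blocklist runs on
DOH_ENDPOINTS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}  # assumed: short list of public DoH resolver IPs

@dataclass
class Flow:                    # hypothetical record shape, one per outgoing connection
    app: str
    proto: str                 # "udp" or "tcp"
    dst_ip: str
    dst_port: int
    answers: tuple = ()        # IPs returned, when this flow is a lookup via SYSTEM_RESOLVER

def classify(flows):
    """Map app -> set of findings for traffic a DNS-only blocklist never sees.
    Flows must be in time order."""
    resolved = set()           # IPs the monitored resolver has handed out so far
    findings = {}
    for f in flows:
        if f.dst_port == 53 and f.dst_ip == SYSTEM_RESOLVER:
            resolved.update(f.answers)             # normal lookup: visible to the blocklist
            continue
        if f.dst_port == 53:
            tag = "own-resolver-tcp53" if f.proto == "tcp" else "own-resolver-udp53"
        elif f.dst_port == 443 and f.dst_ip in DOH_ENDPOINTS:
            tag = "possible-doh"                   # IP match only; TLS content is not inspected
        elif f.dst_ip not in resolved:
            tag = "ip-without-lookup"              # preset IP, or resolved out of view
        else:
            continue
        findings.setdefault(f.app, set()).add(tag)
    return findings

# Constructed sample flows; app names and addresses are made up (documentation ranges).
SAMPLE = [
    Flow("chat", "udp", "8.8.8.8", 53),
    Flow("game", "tcp", "203.0.113.53", 53),
    Flow("messenger", "tcp", "1.1.1.1", 443),
    Flow("photos", "udp", SYSTEM_RESOLVER, 53, ("198.51.100.7",)),
    Flow("photos", "tcp", "198.51.100.7", 443),
    Flow("photos", "tcp", "192.0.2.44", 443),
]

if __name__ == "__main__":
    for app, tags in sorted(classify(SAMPLE).items()):
        print(app, sorted(tags))
```

The resolved-IP set is shared across apps, so an address one app looked up is not flagged when another app connects to it; tracking it per app would be stricter.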


Thanks for the clarification! I didn’t expect apps would be resolving using their own DNS or connecting to preset IPs, but it makes perfect sense.

I’m curious, what’s the FOSS alternative to NextDNS you’re developing?


> I'm curious, what's the FOSS alternative to NextDNS you’re developing?

Well, NextDNS is the gold-standard. We are merely building as much as we can but our motive is to remain serverless, so as to be zero-maintenance.

https://github.com/serverless-dns/serverless-dns


NextDNS won't show you companies behind tracking and where your app sends the data to.


I had given this a try a week ago. Love the concept, and pretty neatly surprised. But it broke quite a few apps, couldn't get them to load content from the internet many times. Finally had to uninstall out of frustration :/.


That's a pretty reliable indication you're using some of the most horrible applications, privacy-wise.


Hah, completely agree :P. Instagram is included in that list, unfortunately and unsurprisingly.


If you only use it to view, not post, I very much recommend Barinsta [0] - it's a fully-featured FOSS alternative client with every feature of the official client and more.

Edit: god damn it, they got a C&D: [1]

[0] https://f-droid.org/en/packages/me.austinhuang.instagrabber/

[1] https://news.ycombinator.com/item?id=27969379


It wouldn’t have killed them to put “Android app” somewhere on the page.


There are several mentions of Android on the page.

And there are clear indications at the very top of the page this is an Android project.

The GH repo listed at the has android in the name:

    OxfordHCC/tracker-control-android

and the about section subtitle is

    Download directly here, from F-Droid, or a feature-reduced version from Google Play.

It's pretty clear to me that this is an Android app.


Cool, so after a bit of skimming we can be 99% confident it's an app that is exclusively available for Android.

Or it could have just said "Android app".


> full version: download

> full version: f-droid

> lite version: play store

"Is this android or ios?"


I've been using this the last while and it's shocking. Can't help but think a lot of the trackers would have been considered spyware 15 years or so ago.


How does it compare with Blokada?



