Question for the group on a problem I’m trying to solve: How can I block internet access for some apps on standard, OOTB Android?

My current set-up is to use Proton VPN with the Android settings “Always-on VPN” and “Block connections without VPN” and then use Proton VPN’s Split-tunneling to exclude certain apps from using the VPN. This has the desired effect of blocking certain apps from having access to the internet.

However, I now find that I need to use certain Apps without the VPN but with internet access. In the past, I’d used something like NetGuard to control which apps have internet access, but, as Android only allows one VPN slot, this would require me to swap out Proton VPN.

So my problem statement: I’d like to be able to continue to use Proton VPN, exclude some apps from using that VPN but still have access to the internet, and block still other apps from the internet entirely. I’m struggling to find a way to do this.

Any suggestions are welcome!

  • Decentralizr@lemmy.world
    link
    fedilink
    arrow-up
    10
    ·
    11 months ago

    You can do this. But you need to use rethinkdns and download the configuration of the proton vpn wireguard server(s) you wanna reach. You can have internet blocked for individual apps, have some tunnel without VPN but DNS and firewall protection and some go through servers of proton (even per app to different servers). It’s a powerful tool. You won’t get the same protection as you would get with let’s say GrapheneOS but you are getting damn close to it if done right

    • Monkey With A Shell@lemmy.socdojo.com
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      Interesting idea, a DNS filter won’t do much for traffic pointed at a specific IP though. Curious how that would set the system wide DNS without being a root level app.

    • deepdive@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      Rethinkdns is probably your best bet! Right now they are missing an important feature where It takes wireguard’s DNS configuration into account, making it obsolete for those who have private dns in a local environnement with an upstream dns !

      Can’t wait for version 0.5.6 😄