I’m asking for Android specifically, but I’m curious what else is out there.

For example, some apps work without internet but may use it if it’s available. I might want to block that without having to turn off wifi, force stopping it, and wiping the cache/data.

Similarly, maybe I only want to use the app over a VPN and want to prevent accidentally opening it without first turning the VPN on.

  • @[email protected]
    link
    fedilink
    English
    16
    edit-2
    5 months ago

    On Android, there’s a VPN in f Droid that acts as a firewall, so you can say this app has internet this app doesn’t have internet

    To ensure that this program only works with a VPN, you can set up a work profile require always on VPN in the Android settings, then this app running in the work profile must use the VPN no matter what

    GrapheneOS has the internet kill switch built in for any app anywhere.

    Depending on your threat model, you need to be very careful, just because an app doesn’t have direct internet access, doesn’t mean it can’t talk to Google Play and pass messages that way. In the Android model, apps can talk to each other consensually, and you can’t stop that

    For desktop computers, we’d be talking about virtual machines and network names bases to enforce your policy rules. Qubes is the gold standard here.

      • OtterOP
        link
        fedilink
        English
        5
        edit-2
        5 months ago

        I also came across this one, but I haven’t heard of this one before. I’ve heard Netguard mentioned in the past

        Rethink: DNS + Firewall + VPN (Firewall apps, use WireGuard VPN, monitor network, block malware, change DNS.)

        https://f-droid.org/packages/com.celzero.bravedns/

        • @[email protected]
          link
          fedilink
          English
          65 months ago

          With RethinkDNS you can block an app completely, allow the app (WiFi, cellular, or both) and block certain domains. You can also use DNS block lists, force or exclude apps from either VPN or Orbot. Block apps not in use, block when DNS is bypassed. A bunch more stuff.

        • @[email protected]
          link
          fedilink
          English
          25 months ago

          Been using it for a while, and am pretty happy with it. It has some nice features, and works pretty well for me, so I’d recommend giving it a try. I believe it, unfortunately, doesn’t support OVPN though. But as I understand Wireguard are to be preferred over OVPN anyways.

      • @[email protected]
        link
        fedilink
        English
        25 months ago

        I’m not sure. That might be it.

        I use grapheneos so I can just turn off network access in the app info panel and still use my VPN.