Privacy and security are increasingly becoming an issue for the average smartphone and computer user. Even if you have nothing to hide and aren’t doing anything illegal, the things you do can be used to take advantage of you or manipulate you. This is the whole point of collecting data for advertising. The target audience is people who may be prone to buying certain things. This type of manipulation doesn’t have to stop at persuading you to buy things, and it doesn’t have to stop with the company doing the data collection.
How do you know who is collecting data about you?
You probably don’t, but there are a few ways you can get a hint. Personally, I have a Pi-hole DNS server on my network, so anything connected to my WiFi router uses it to resolve the external hostnames my devices are trying to connect to. Because it is my own DNS server, I can see which devices are trying to access which servers. I can also block the ones I don’t want collecting data or sending me content. This type of setup is pretty awesome, but requires building a cheap little Raspberry Pi server or a virtual machine of your choice. Usually, all your Internet connections are resolved by your ISP’s DNS server by default. That means your ISP can see all of this information and may use it to sell advertising or something else.
However, the DNS queries we’re talking about aren’t necessarily representative of actual internet traffic. Apps or operating systems can be hard-coded to connect directly to external IP addresses, or they can be hard-coded to bypass your DNS server, or they can encrypt their DNS queries themselves. In most cases, however, regular DNS queries are used.
My Pi-hole server won’t help if I’m not on my WiFi network and instead use my phone’s data connection over LTE or 5G or whatever. When this happens, my cellular provider’s DNS server will see all of the server names my phone connects to. Unless, of course, I also create a VPN to my internal network and route all of my phone’s traffic through it (which I did), but this gets pretty complicated for a normal person and there is an easier way to go.
Especially on Android
Android is a little more open than iOS, so it’s easier to get more freedom-friendly software for it. On the flip side, it’s also much easier for phone manufacturers to build data-collecting tracking software into their versions of the operating system. I mean, Google does that, but so do a lot of other companies that make Android smartphones.
Download Personal DNS Filter for Android
There are a number of DNS filtering programs available for Android, but I will recommend an open source program called Personal DNS Filter, as open source software is usually more trustworthy since you (or anyone else) can have a look at the source code and make sure it does what it says it does.
Once you start Personal DNS Filter, you will see a log below with all the internet hostnames that your phone wants to connect to. The green ones are allowed and the red ones are blocked. If you read them you will see that most of the names are recognizable. Office365.com is my work email, Outlook.com is my Hotmail account, etc.
If you tap and hold any of the Internet hostnames listed in the log, the “Add Filter” and “Remove Filter” buttons appear. Tapping “Add Filter” will add the selected hostname to your personal block list, while tapping “Remove Filter” will unblock it. That way, if you see your phone connecting to something you don’t trust, this is a great way to block it for the future.
By default, Personal DNS Filter uses the regular DNS server on your network. This means that anything you don’t block in the app will still be resolved by your regular internet provider. If you tap on the DNS field in the app, you can activate “Disable DNS server detection” so that your phone uses the DNS servers listed in this configuration window. Many are already listed by default. You can add and prioritize any DNS servers that support DNS over HTTPS (DoH) or DNS over TLS (DoT) if you want your upstream DNS queries to be encrypted for added privacy.
In the Advanced Settings > Configure Filter Update section, you can view the standard blacklists that have already been added. However, you can also add your own blacklists or other blacklists from the Internet. These are the same types of text file lists that Pi-hole uses, and there are many to choose from on the web.
A list of all server hostnames that you have blocked is displayed under Advanced Settings > Configure Additional Hosts. You can also type or copy/paste others into this list manually, and you can do the same for the Allow list. This list also supports the asterisk wildcard character, so you can block anything under the facebook.com domain with an entry like “*.facebook.com”. Or you can block everything and then edit the allow list to only allow connections to very specific servers. This would be useful if you have a very limited data plan on your phone but you might still want to receive email from some accounts. Just whitelist the email server names you want to use.
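To make the interaction between blacklists, wildcard entries and the allow list concrete, here is an added example (not code from Personal DNS Filter or Pi-hole) that parses a hosts-style list and decides each hostname the way a DNS filter would. The sample list and hostnames are constructed, and two behaviours are assumptions of this sketch: the allow list is checked before block entries, and “*” is matched as a simple glob.

```python
import fnmatch

# Constructed sample in the hosts-file style used by public blocklists.
SAMPLE_BLOCKLIST = """\
# constructed sample list
0.0.0.0 ads.tracker.example
127.0.0.1 telemetry.vendor.example  # inline comment
metrics.example
"""

def normalize(host):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return host.strip().lower().rstrip(".")

def parse_blocklist(text):
    """Extract hostnames from '<ip> <host>' or one-host-per-line text."""
    hosts = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        hosts.update(normalize(f) for f in (fields[1:] or fields))
    return hosts

class HostFilter:
    """Allow list is checked first, then block entries (assumed precedence)."""
    def __init__(self, blocklist_text="", block=(), allow=()):
        self.block = parse_blocklist(blocklist_text) | {normalize(e) for e in block}
        self.allow = {normalize(e) for e in allow}

    @staticmethod
    def _hit(host, entries):
        # Exact names and '*' wildcard entries go through the same glob match.
        return any(fnmatch.fnmatchcase(host, e) for e in entries)

    def decide(self, host):
        host = normalize(host)
        if self._hit(host, self.allow):
            return "allowed"
        return "blocked" if self._hit(host, self.block) else "allowed"

def review(flt, hostnames):
    """Return (hostname, decision) pairs, like the app's green/red log."""
    return [(h, flt.decide(h)) for h in hostnames]

if __name__ == "__main__":
    everyday = HostFilter(SAMPLE_BLOCKLIST, block=["*.facebook.com"])
    # Data-saving mode: block everything, allow only chosen mail servers.
    strict = HostFilter(block=["*"], allow=["outlook.office365.com", "*.outlook.com"])
    names = ["www.facebook.com", "facebook.com", "imap.outlook.com", "metrics.example"]
    for label, flt in (("everyday", everyday), ("strict", strict)):
        for host, verdict in review(flt, names):
            print(f"{label:9}{verdict:8} {host}")
```

With glob matching, “*.facebook.com” covers every subdomain but not the bare facebook.com, so in this sketch the bare domain needs its own entry; check how your filter treats that case.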
This app uses Android VPN APIs to route all internet traffic from your phone to itself. That way, the things you’re blocking won’t consume your data plan. If you want to use this all the time, check your phone’s battery limit settings and remove any restrictions so your operating system doesn’t shut it down.
It’s not that easy on iOS
There’s no easy way to install a local DNS server on iOS, and you can’t even change the DNS server on cellular connections. However, you can change the DNS server on your own WiFi connections. So at home, you can change where your DNS queries go and point them to your own internal DNS server like a pi-hole.
There’s an app called DNS Safety for iOS that may do something similar, but it has a number of significant limitations. You’ll need to put your phone in supervised mode (which will hard reset it), use Apple Configurator on a Mac to install a configuration profile, and use TestFlight for the software in the Apple Store.
On Android it is very easy to see in real time all the external internet servers that your phone is trying to connect to. Even if you’re not really concerned about privacy or security, it might be helpful to just look at it for the sake of transparency or curiosity. And if you find your phone is doing something suspicious, you might want to do something about it.