Next step is to download Lockdown, open source and on device firewall. It also offers a VPN with an in-app purchase (kinda confusing when you are setting it up), but for free you get the firewall only. Easy to enable and block known ad-trackers (including FB sdk and Google Ads). Highly recommend. It's also made by ex Apple engineers, in case that helps for building trustworthiness.
firewalls are for both inbound and outbound connections. The GP's point is this isn't blocking network connections because you can still access the end point via IP.
What this is doing is redirecting known domain names to a sink hole. Much like Pihole does.
It has one of the best privacy policies I’ve ever read.
“ Everything Lockdown Firewall does stays on your phone, so no data is transmitted to any of our servers. This can be confirmed by checking the source code, which is 100% open and public for anyone to examine. Lockdown Firewall doesn't use any type of third party analytics, trackers, or APIs, so there's no risk of your data leaking to third parties. This means there's no Google Analytics, no Facebook Pixel, no Mixpanel, Fabric, Mailchimp, etc — nada.
Information We Collect
Lockdown Firewall collects nothing. It all stays on your device.”
It runs on device and it's fairly easy to analyze the traffic, you are not giving a third party all your access. You could proxy all the traffic through a Mac running LittleSnitch, read their code, inspect the VPN profile it installs on the device, etc. It will only have access to your internet traffic if you opt-in in the actual VPN tunnel service they sell, which is optional.
Just downloaded it, too. It does ferret out those ads in the NYT app that I can’t seem to get Pi-Hole to filter out. Seems it will save me setting up a VPN to the home network to use Pi-Hole when on the road, too. So far, it’s two thumbs up. I’ll give it a few days, but I’ll throw some money their way in-app purchase even I never use their VPN (though I’ll certainly give it a whirl).
If you like Pi-hole, consider nextdns.io and their iOS app, or their plenty other configs/apps as well.
Using the web control panel, pick from high level categories to block, or drill down and select from among the most common of dozens and dozens of block lists. Make one or more configs, so different family members or devices can be blocked differently.
With Lightweight apps for Android, iOS, Windows, macOS and Chrome OS offering privacy and security benefits of DNS-over-HTTPS. Always-on on all networks automatically to automatically bypass network filtering and government censorship.
Their DNS hosts leverage latency-based routing to automatically use the DNS server with the lowest latency, or use a subset outside "Five eyes" locations.
The VPN is optional purchase. I mentioned it since the setup is a bit misleading. The DNS blocking is free and on-device and available to run after skipping the VPN part. Pi-hole is harder to get right with a mobile device on the go unless you are hosting on your server. This is basically an app with a subset of features of pi-hole. iOS is very restrictive and to enable the on-device firewall you do need to use the VPN functionality but you can check the VPN profile it installs that references 127.0.0.1.
If you can figure out another way to pull it off, I’d wager you could make a fair bit of cash. Or at least get a job offer at a lot of places you might like to work.
https://apps.apple.com/us/app/lockdown-apps/id1469783711
https://github.com/confirmedcode/lockdown-ios