Question for the group on a problem I’m trying to solve: How can I block internet access for some apps on standard, OOTB Android?
My current set-up is to use Proton VPN with the Android settings “Always-on VPN” and “Block connections without VPN” and then use Proton VPN’s Split-tunneling to exclude certain apps from using the VPN. This has the desired effect of blocking certain apps from having access to the internet.
However, I now find that I need to use certain Apps without the VPN but with internet access. In the past, I’d used something like NetGuard to control which apps have internet access, but, as Android only allows one VPN slot, this would require me to swap out Proton VPN.
So my problem statement: I’d like to be able to continue to use Proton VPN, exclude some apps from using that VPN but still have access to the internet, and block still other apps from the internet entirely. I’m struggling to find a way to do this.
Any suggestions are welcome!
If you’re interested in that level of control, it’s time to look hard at GrapheneOS. “Internet” is a permission you can grant or deny for each app, under GrapheneOS.
But I’m not aware of a way to selectively direct phone traffic through Proton VPN, at the phone. Even on GrapheneOS.Enough skill with an expensive router could do it, but only on your home network, or only while routing all of your phone traffic back to your home network via yet another VPN.Edit: TIL, Proton VPN supports split tunneling. Sweet! Look under Settings - Advanced - Split Tunneling - then pick your apps to include/exclude.
Edit 2: TIL DivestOS also supports “Internet” as a per app Permission. Very cool.
DivestOS can also deny internet access, for the people who don’t have a Pixel
DivestOS seems to give a nice balance between vanilla Android and Graphene. I really like it.
I would even say it’s the next best thing after Graphene. The dev goes through some outstanding effort to remove as many unnecessary and/or proprietary blobs as possible, paired with patching a myriad of known vulnerabilities, too. And the hosts file contains around one million blocked domains.
DivestOS takes degoogling to a much higher level than most other systems.
You can route traffic through VPN on the phone, then just use split tunneling to exclude apps that should have regular network access without VPN. But you have to switch off “Block connections without VPN” in settings.
Oh hey, thanks! I never particularly wanted any of my apps to route around the VPN, but there the option it is under Advanced, when split tunneling is enabled. Could be handy. Thanks!
NP. Yeah I only routed Tor browser around the VPN in the past to not slow it down too much but I hardly use Tor anymore so VPN routes everything now.
I’ve been suspecting I’d need GrapheneOS for a while now. Might finally be time to jump.
CalyxOS runs on a similar set of devices, is free, and does include a firewall app too. I still run Netguard, but that’s mostly for ad-blocking.