• General
  • Are there an ad blocker option other than using ad blocking DNS servers?

Hello.

Are there any ad blocking option other than using an ad blocking DNS servers?

I want to be able to explicitly select domains I want to block. While using DNS servers it is not possible to select your custom domain blacklist.

AdAway does what I want, but it requires either root access (which GrapheneOS does not provide to a user) or setting a VPN (which makes you unable to use a real VPN).
I think about a built-in app that works like AdAway with a root access, that allows me to blacklist the domains I want.

It would be very helpful for me, and I believe, for other users.

Are there any security risks of having such app?
Hope you will consider this feature.
Thanks!

    Firefox for Android lets you install add-ons like ublock origin, which lets you select specific domains, subdomains, elements and CSS. Lots of options.

    But it's only for the browser, not system-wide like maybe what you were looking for.

    The following are some option I know of.

    uMatrix (from uBlock Origin maker) allows you to block domains and http elements per website. So you can block all google connections on yahoo.com for example, but allow them on microsoft.com. Or you can block google on all other websites, but allow direct google.com to work. This only works in browsers that allow addons and have uMatrix as an addon ( I think only firefox derivatives have this). This only in the browser.

    If you want a systemwide domain blocker then NextDNS allows you to add custom domains (likely you'll have to pay monthly). However It is system wide and happens outside of device so the VPN slot becomes freed, but I don't how your VPN will mix with this external DNS. VPNs have their own DNS and I don't know how this combination will work or if it will work.

    Adguard also occupies your VPN slot and blocks ads system wide. Paid adguard has the option of even intercepting and deciphering your https traffic and working similar to uBlock Origin in all your browsers even those who don't have adblocking or addons. It even does element filtering similar to uBlock for all those browser, this is because it is able to read and filter the https traffic (optional, can be turned off). But not everyone is ok with this. Also it does all of this on device which consumes battery.

    Your other option is to use your VPN external to your phone and (on a router) and connect your phone to that router. This way you can have DNS blocking apps occupy your VPN slot while your actual VPN happens outside of your phone. This option is rather inconvenient because... how are you gonna have a mobile router?

    Can you tell me how AdAway works? I'm interested to know.

      Some VPN services offer ad blocking within the VPN.

      User2288
      I'm looking for a system-wide blocking option, so all browser extensions are not acceptable.

      Didn't know NextDNS allows a user to add custom domains, I'll consider using it, but anyway, it's not the best option.
      Not that I don't want to pay, but I want a solution that is not dependent on external services and payments.

      External VPN is not an option for me, I need a solution that is not dependent on a network to which the phone is connected.

      AdAway (GitHub). I believe it works like AdGuard, but unlike AdGuard it has an option to use a Root-based ad blocker (VPN based is also an option). It allows you to select domains you want to block, redirect some domains to an IP and has an option to load list of domains to block from an external source (like this, which is used by default). Domains from external sources also updated automatically.
      It actually like a basic hosts file in linux, but with a gui. Root-based ad blocker as far as I know works exactly like that (editing hosts file) so it requires Magisk's Systemless hosts module to be installed. When the root based ad blocker is used it does not occupy your VPN slot and the effect is system-wide.

      I really like AdAway and I use it on my another old rooted OnePlus phone and I miss it on Graphene. I understand that rooting Graphene eliminates the OS security the developer of Graphene created, so I don't want to root it.
      I would really like to see such an app on Graphene.

      Have a look at Netguard. You can block domains via pseudo vpn like adguard and Blokada and additionally are you able to watch the traffic and block/allow connections for every single app.

        dirksche
        Thanks. I am aware of this app. I may not pointed out, but I don't want to use an ad blocker that is VPN-based because it occupies the only VPN slot. I use a real VPN and with that kind of ad blockers I would not be able to.

          Im my old galaxy s10 with stock rom I had the problem that adblockers that use the vpn only work for the main profile. For example I installed WhatsApp in the work profile via shelter, adguard or Blokada did only work for the main profile. The only way I could also filter the WhatsApp trackers was via Private dns.
          Does Graphene also have this problem? Do I understand in correctly that every app could have his own profile? Can I install apps like WhatsApp in a separate profile with separate contact list and still use the VPN for adguard for al apps?

          ilnamass Hi, NextDNS and Adguard DNS (not to be confused with the Adguard app) both do allow for adding custom blacklisted and whitelisted domains. Both are free.

          Rethink DNS is probably a good option too

          ilnamass
          Just FYI the thing you are looking for is the holy grail that everyone here is looking for, me included. And so far as I've been reading this forum zealously in the last 2 months, the consensus is that there is no solution like we want. I could be wrong, and I don't want to dissuade you. If there is a solution we are all VERY interested. I haven't read a solution here yet. The problem is the limitation of android allowing only one VPN layer and not having a hosts file access natively.

          In your case, as you have mentioned a few times, its important for you to use the VPN slot for your actual VPN, understandably. In this case then your only options are:

          • to get a VPN service that gives you adblocking and allows you a custom DNS as well (I don't know any, might exist)
          • use NextDNS (or similar service) in conjunction with your VPN
          • root the device and gain hosts access

          I can't think of much else for you.

          FYI NextDNS allows up to 300,000 queries per month for free. Paid service is only for more queries. Whether that's enough for you or not I can't say. I also don't know if it will even work with a VPN, but might.

          Lastly remember that general DNS domain blocking might be ok for apps, but for browsing and preventing tracking its not too great. Blocking a domain that way blocks it everywhere which can cause problems, as well as the fact that you can't block some important trackers that way, for example google ones. Another example is I may not want an app to talk to a domain, but I want the other app not to do so. Domain based systemwide blocking is problematic here.

          You can certainly implement DNS blocking AND run uMatrix in your browser on top of it. Also uMatrix is superior to uBlock origin if you want fine tuned control, but its more cumbersome on first visit to sites.

          That's all I have to help you.

          7 months later

          For mobile data on the phone, I have not found anything to do except have my provider (PureTalk) simply turn off mobile data on the kid's phone. I have asked them to institute some seective site blocking capability a la OpenDNS's lists and they are considering it.

          A really simple solution would be if my VPN provider (ProtonVPN) would institute some blocking. I have asked them to do this and they are considering it.

          For WiFI, my Verizon home router has a "Parental Controls" option but it flat out doesn't do anything. Only allows one "rule" per connected device and that does not affect any connections.

          I did finally register for OpenDNS, changed the router's DNS to the OpenDNS numbers, and selected my blocking at OpenDNS. That does work.