Is there a way to guarantee a mobile device or tablet can only access my own services and block all other traffic?
Is there a way to guarantee a mobile device or tablet can only access my own services and block all other traffic?
Is this possible on any modern day phone or tablet? Selfhosting as made me very privacy-consciouss and am concerned about my iphone.
You're viewing a single thread.
Yes. Firewalls.
With an iPhone, however, you are screwed. Apple won't let you do what you are looking for.
VPN would still work for iPhone I imagine. Small whitelist of DNS would do 90%+ of the job.
Apple bypasses VPNs for certain system services, or at least has in the past
Also falls back to hardcoded IPs when DNS fails
I killed off ads in the News app by blocking
doh.apple.com. I find it kind of funny that it looks up its DoH server IP using the existing DNS server and that simply returning NXDOMAIN cuts it off.Not sure if they use it for much more than that though (doesn’t seem like it).
True, somewhat... but on the iPhone, many functions that seem like basic things are tied to Apple's services and cannot easily replaced by selfhosted services. This phone would not work properly anymore.
other than texting and calling idk what else I would use that isnt selfhosted :)
In the other reply, you said something about GPS.
Well, location services aren't really GPS anymore.
The phone looks at all of it's radio environment (cell and WiFi and whatnot) and from that it calculates it's location. GPS may help a little, too, but it's not important.
It needs Apple's own databases to do that: collections of all antennas in the world, and their known locations.
Hmmm. That could be what's slowing down the GPS locking on my old android phone I use for my fitness app.
No SIM card or WiFi access. Takes a good 20 min just to get a GPS lock.
That means it fucks up my distance monitoring and time intervals, if I don't have patience to wait, which I honesty don't!
The app is basically a fancy timer at this point.
;)
In that case, your phone needs to "see" at least 4 satellites at the same time (more is even better) to get the first GPS lock, and that's probably why you need to wait for so long.
It could help to walk to a spot with no buildings, trees etc.
Once there was an app called "GPS essentials" to help with that.
Texting uses http over the data channel for MMS.
You can enforce an always-on VPN (for at least ipsec) via an MDM profile. This kind of features isn’t found in the casual user setup options, but there's plenty of knobs to tune in the enterprise profile configurator.
And yes, you can easily install that profile on your phone after.
Except, apple is bypassing VPN for their own tracking:
https://appleinsider.com/articles/22/10/12/most-apple-apps-on-ios-16-bypass-vpn-connections
https://www.reddit.com/r/apple/comments/yfhmfw/ios_161_allows_certain_apps_to_bypass_vpn/?rdt=60650
That's really shitty given the expectation set when using a VPN
Yes!