Does telemetry from iOS, macOS and Android use a different DNS server than the rest of the OS?
Been using NextDNS a month now. Very happy with the results. I'm managing to block around 50% of requests from iOS and macOS. Linux Mint is about 5%. I'm playing with an Android phone as well to see how that compares.
I don't know much about how a phone works so forgive me if this is a silly question:
Do the phone operating systems have covert (to the user and NextDNS) ways of sending data back to Apple or Google without going through the DNS server set up on the phone? Can/does a phone avoid DNS blocking of telemetry information entirely by using a separate DNS server baked into the system firmware?
Any advice gratefully received.
Jeremy
5 replies
-
Jeremy Clulow said:
Do the phone operating systems have covert (to the user and NextDNS) ways of sending data back to Apple or Google without going through the DNS server set up on the phone?
Yes. Nowadays most apps connect to their server directly using the destination IP address, so they do not need a DNS resolver in between to locate their server.
They even bypass VPN tunnels.
Interesting Reading:
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
-
Thanks, so other than a Faraday bag, there is no way to stop that communication? NextDNS is blocking a lot, but only that which the phone manufacturer allows to be blocked? Before my iPhone needs replacing, I think I'll buy an Android phone which will take an open source OS and start getting used to a reduced user experience but an increased privacy experience.
-
So is there any way of intercepting and blocking requests from a phone to an IP address which doesn't use a DNS server? Could a phone be tethered to, say, a laptop running an analytical tool to identify the IP addresses which could be blocked by some other means? And would the SIM card need to be removed entirely to prevent direct communication to the internet? This stuff is way above my skill level (have pity on this retired furniture maker) but I'd at least like to know if there is a theoretical setup which could achieve a very high level of privacy (other than the aforementioned Faraday bag) before I give up entirely ;-)
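The kind of check asked about above, as an added example that is not part of the original thread: given DNS answers and outbound connections recorded on the laptop the phone is tethered to, it lists the destinations contacted without any earlier DNS answer for that address. The log format, the addresses, the local subnet and the function name are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample, one event per line (format is an assumption of this example):
#   <seconds> DNS  <name> <answer-ip> [<answer-ip> ...]
#   <seconds> CONN <destination-ip> <destination-port>
SAMPLE_LOG = """\
0.10 DNS api.example.com 203.0.113.10
0.15 CONN 203.0.113.10 443
1.20 CONN 198.51.100.7 443
1.30 CONN 192.168.2.1 53
2.00 DNS cdn.example.net 203.0.113.20 203.0.113.21
2.05 CONN 203.0.113.21 443
3.00 CONN 198.51.100.7 443
4.00 CONN 203.0.113.99 443
4.10 DNS late.example.org 203.0.113.99
"""


def connections_without_dns(log_text, local_net="192.168.2.0/24"):
    """Count connections to addresses that no earlier DNS answer had returned."""
    local = ipaddress.ip_network(local_net)  # tethered LAN, ignored in the report
    resolved = set()                         # every address seen in a DNS answer so far
    unresolved = Counter()                   # (ip, port) -> number of connections
    events = [line.split() for line in log_text.splitlines() if line.strip()]
    events.sort(key=lambda fields: float(fields[0]))  # process in time order
    for fields in events:
        kind = fields[1]
        if kind == "DNS":
            resolved.update(ipaddress.ip_address(a) for a in fields[3:])
        elif kind == "CONN":
            dest = ipaddress.ip_address(fields[2])
            # Skip the local gateway and anything a resolver had already answered.
            if dest in local or dest in resolved:
                continue
            unresolved[(str(dest), int(fields[3]))] += 1
    return dict(unresolved)


if __name__ == "__main__":
    for (ip, port), count in sorted(connections_without_dns(SAMPLE_LOG).items()):
        print(f"{ip}:{port}  {count} connection(s) with no prior DNS answer")
```

Only traffic that crosses the tethered interface is visible here; anything sent over the cellular link never reaches the laptop. An address resolved before the capture started, or through a resolver that is not in the capture, also shows up as having no prior DNS answer.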