
Does telemetry from iOS, MacOS and Android use a different DNS server than the rest of the OS?

Been using NextDNS a month now. Very happy with the results. I'm managing to block around 50% of requests from iOS and MacOS. Linux Mint is about 5%. I'm playing with an Android phone as well to see how that compares.

I don't know much about how a phone works so forgive me if this is a silly question:

Do the phone operating systems have covert (to the user and NextDNS) ways of sending data back to Apple or Google without going through the DNS server set up on the phone? Can/does a phone avoid DNS blocking of telemetry information entirely by using a separate DNS server baked into the system firmware?

Any advice gratefully received.

Jeremy

5 replies

    • bithip
    • 1 yr ago
    Jeremy Clulow said:
    Do the phone operating systems have covert (to the user and NextDNS) ways of sending data back to Apple or Google without going through the DNS server set up on the phone?

    Yes. Nowadays most apps connect to their server directly using the destination IP address, so they do not need a DNS resolver in between to locate their server.

    They even bypass VPN tunnels.

    Interesting Reading:
    https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/

    • Jeremy_Clulow
    • 1 yr ago

    Thanks, so other than a Faraday bag, there is no way to stop that communication? NextDNS is blocking a lot, but only that which the phone manufacturer allows to be blocked? Before my iPhone needs replacing, I think I'll buy an Android phone which will take an open source OS and start getting used to a reduced user experience but an increased privacy experience.

    • Jeremy_Clulow
    • 1 yr ago

    So is there any way of intercepting and blocking requests from a phone to an IP address which doesn't use a DNS server? Could a phone be tethered to, say, a laptop running an analytical tool to identify the IP addresses which could be blocked by some other means? And would the SIM card need to be removed entirely to prevent direct communication to the internet? This stuff is way above my skill level (have pity on this retired furniture maker) but I'd at least like to know if there is a theoretical setup which could achieve a very high level of privacy (other than the aforementioned Faraday bag) before I give up entirely ;-)
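
An added example, not part of the original thread: the tethering idea asked about above, sketched as a check that compares the DNS answers a phone received with the connections it then made and reports destinations reached without a prior lookup. All log entries, addresses and the resolver address are constructed sample data, and the record layout is an assumption.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (documentation address ranges, made-up names).
# DNS answers returned to the phone: (time, client, name, [ips])
DNS_LOG = [
    (100, "192.168.1.50", "updates.example.com", ["198.51.100.10"]),
    (105, "192.168.1.50", "cdn.example.net", ["198.51.100.20", "198.51.100.21"]),
    (400, "192.168.1.50", "late.example.org", ["203.0.113.9"]),
]
# Flows seen on the tethering laptop: (time, client, dst_ip, dst_port, bytes)
FLOWS = [
    (101, "192.168.1.50", "198.51.100.10", 443, 5200),  # resolved first
    (110, "192.168.1.50", "198.51.100.21", 443, 900),   # resolved first
    (120, "192.168.1.50", "203.0.113.77", 443, 1800),   # never resolved
    (130, "192.168.1.50", "203.0.113.77", 443, 2200),   # never resolved
    (140, "192.168.1.50", "192.168.1.1", 53, 120),      # local gateway
    (150, "192.168.1.50", "192.0.2.53", 853, 640),      # the resolver itself
    (300, "192.168.1.50", "203.0.113.9", 5223, 310),    # contacted before its answer
]
RESOLVERS = {"192.0.2.53"}  # assumed address of the configured DNS service
LOCAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
                                 "192.168.0.0/16", "169.254.0.0/16", "224.0.0.0/4")]

def unresolved_destinations(dns_log, flows, resolvers=RESOLVERS):
    """Return {(client, dst_ip): total_bytes} for flows with no earlier DNS answer."""
    first_seen = {}  # (client, ip) -> earliest time the ip appeared in an answer
    for ts, client, _name, ips in dns_log:
        for ip in ips:
            key = (client, ip)
            first_seen[key] = min(ts, first_seen.get(key, ts))
    totals = defaultdict(int)
    for ts, client, dst, _port, nbytes in flows:
        addr = ip_address(dst)
        # Skip traffic to the resolver and to local or multicast addresses.
        if dst in resolvers or any(addr in net for net in LOCAL):
            continue
        answered = first_seen.get((client, dst))
        if answered is None or answered > ts:
            totals[(client, dst)] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for (client, dst), nbytes in sorted(unresolved_destinations(DNS_LOG, FLOWS).items()):
        print(f"{client} -> {dst}: {nbytes} bytes, no prior DNS answer")
```

Answers cached before the capture began and lookups sent to a different encrypted resolver will also show up as unresolved, so a listed address is a lead to investigate rather than proof of a hard-coded IP.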

      • iOS Developer
      • Rob
      • 1 yr ago

      Jeremy Clulow If you block an iPhone from contacting Apple servers, it won't get iOS 16.2's Rapid Security Response Updates. This might leave your phone vulnerable for bad actors to invade your privacy in more severe ways than Apple might do?

      • Jeremy_Clulow
      • 1 yr ago

      Rob 

      I came across this research, which I find rather depressing:

      https://www.scss.tcd.ie/doug.leith/apple_google.pdf

      I guess that is the gamble privacy enthusiasts take? "Just do as we say, and you will be safe" is the message from the manufacturers. Then we find that we have swapped safety for autonomy and suddenly the amazingly useful device we paid good money for (whether it be either of the only two alternatives, iOS or Android) is gathering information about us that we don't want gathered.

      It's a real conundrum. If NextDNS can't prevent this leakage of information to the degree I am happy with, I will be looking at an Android phone with an open source OS on it. I moved from Windows to Linux years ago, and I've never regretted it. I love my iPhone, but I hate other things more.
