This isn't effective because Little Snitch only sees the domains so apps can just serve the trackers on the same domain as essential services making blocking impossible.
replyThe only way to prevent malicious apps from affecting your privacy is to not install them or not give them network access.
I derive lots of value from Little Snitch on my Mac, so this approach is more effective than not having anything.
replyAnd yes, having the ability to deny any app network access on iOS would be great.
Yeah but it might be because you are part of a minority. Once/if this is built into the OS, the app builders will have a strong incentive to do things differently.
replyCan, but they don't, because app developers are just as lazy and don't waste time to hide their trackers
replyThey don’t because there is no reason to currently.
If this was added then they would have a reason to and do it.
replyYouTube used to be separate domains for ads and then it got merged together so that you can’t block the ads network wide without blocking YouTube videos.
That's YouTube. One of the unlaziest dev teams. Spiderman Solitaire isn't going to bother.
replyYet.
replyThis exists already! You can see it by going to Settings > Privacy & Security and turning on the App Privacy Report at the bottom.
replyThanks, I did not know about this setting. Curious to see what will show up now that it’s on.
replyIf I remember correctly iPhone apps used to use the devices SSL certificates so you as a user could install your own and man-in-the-middle the traffic to see what was being sent. AFAIK now the apps use certificate pinning.
replyCertificate pinning is actually rarer today than it was a few years ago. You see it mostly in bank apps, and some system services. It’s not a best practice.
replyApps can choose to do what they want.
replyYes and it should work properly instead of making unwanted initial outbound connections (macOS firewalls are broken).
replyIt’s not quite that detailed but iOS’s builtin “app privacy report” does give a fair amount of info, including a list of domains accessed.
replydeleted
reply