Completely agree. Occasionally I run Charles Proxy[1] on my iPhone to analyze network activity and am disturbed by what I see. Software shouldn't be able to open arbitrary network connections without user consent/control, but we're not there yet to a large enough degree on mobile unfortunately.

[1] https://www.charlesproxy.com/documentation/ios/

The reality is that this sort of control would only be attractive to a very very small fraction of users, and no, not just because ‘people don’t care about privacy’ or whatever. There are just very few situations where someone is going to be able to look at this sort of data and do anything meaningful with it, especially when a) most apps are justifiably internet-connected, and b) the homogeneity of public cloud infra means you can’t really tell anything apart from endpoint alone.

But you don't have to do it yourself, that's what all the blocklists more knowledgeable people have created are for!

A good set and forget option for the non-tecnical or those that can't be bothered is https://www.iantispy.com, basically just does it's thing and doesn't nag to upgrade.

This product looks a little scary. The ensure mentions no address or names, just that it’s made in Australia and an email address for support.

You’re giving this app complete control of your system and have no idea what they’re doing with the data.

At least with Little Snitch and uBlock Origin, I know who is behind it and maybe there is safety in numbers of users.

Yeah nice one... Little Snitch is made in Austria and has email for support. The one I suggested is made in Australia and also has email for support. They are both offered by registered companies with their relevant registration numbers shown on their respective sites. Both have a privacy policy and a terms of service. Both "have complete control of your system" (whatever that even means, neither requires elevated privs). Seems pretty standard. iAntiSpy is also on the App Store, so there's that too.

Privacy is not the only use-case. Some users need to monitor data usage to avoid bills they cannot afford.

Starting in iOS 15.2 you can turn on the App Privacy Report to log which domains each app on your phone connects to https://support.apple.com/en-us/HT212958

It would be nice for them to add a block option in there as well

Wow, just wow.

I had no idea this existed, that’s awesome. Thank you!

Yes, but these days commercial OSes are seeing a hefty uptick in "first party malware," so to speak, making a third party audit attractive for reasons completely independent from technical integration.

Anything external to the OS level is doomed anyway, from the security standpoint. APIs offered to the good guys can be misused by the bad guys. You see this with all those snakeoil virus scan offerings which dramatically increase attack surface (exploited regularly, but that's not what Symantec an friends are telling you).

Plus, anything external to OS level is easier to trick into not seeing what you are doing. And again, if sth external can install itself so deep into the OS that that's hard, then the bad guys can do that too and hide.

> I've always thought this should be a feature in an OS for advanced users. Combined with some OS level security optimizations it could be quite a powerful security feature for the paranoid and at-risk.

I agree, by integrating it with an OS with good sandboxing you can provide some powerful security benefits, otherwise the main use cases I see are marginal privacy improvements by blocking telemetry from non-malicious apps, or reducing bandwidth usage.

Android does a pretty good job of this with its sandboxing and the network permissions for apps, and you can view the data usage per app in your settings.

edit: here is a good resource explaining Android security features and firewalls https://madaidans-insecurities.github.io/android.html

Isn't this just a firewall?

Yes it's a friendlier desktop interface to a whitelist firewall. Rather than the usual blacklist approach used when engaging with the internet.