websites aren't that much problematic as we can use adblocker easily. But what are you going to do in andriod app? Education app/ bank app were sending a lot of data to facebook which was causing headache to me. I can't even block whole asn because my mom use it to chat with relatives. They literally have integrated in app supply chain which makes the situation abysmal.
dns sinkholes like "pi-hole" can help, but have disadvantages like the lacking user interface: when you open an app and it doesn't work, you have no easy way to see all requests related to that app and whitelist or stub them.
What we need is a containment approach to apps that enables us to configure network settings individually: app1 has no need to connect to FB and is not allowed to do so, yet app2 can use the fb identity provider services. On top of that we must break open some connections and replace the content: app2 gets some don't-crash stub injected when it asks for tracking scripts. There are some obvious problems with "mitm injecting stub code", so containment profiles must be distributed as open source and reviewed. (this is how browser ad-blocker plugins work)
the problem starts when google, apple doesn't provide easy way to control domains app connect to. It would be nice if they provide firewall and allow us to block entire domain like don't allow Facebook or google in this app. Like littlesnitch but for ios and andriod.
But we know companies like Google aren't going to make such drastic step because they themself want data and have 0 incentives. Mitm is not easy in app due to pinning and requires root access which is very hard these days because banking app doesn't work on rooted phone.
And pi hole have stopped working because app's are using 1.1.1.1 or 8.8.8.8. Future looks bleak tbh.
