(Note)My search for similar issues has brought up #395 which suggests an one-time deny-all. The improvement laid out below goes beyond, it offers a default toggle that applies to new and existing apps alike, which then can be overridden as desired.
Is your feature request related to a problem? Please describe.
For trackers specifically, TC offers excellent, fine grained, descriptive control.
For internet access entirely, it allows to toggle allow/deny for one (existing) app at a time.
Alas, there doesn't seem to be a whitelist option in TC to deny internet access by default.
In NoRootFirewall or NetGuard, although generally less sophisticated, there's this basic option that enables you to effectively block all apps except those you explicitly want - and trust - to go online.
Unfortunately, neither of those firewalls provides anything near TC's depth of insight into tracking.
RationaleOne could argue that you either "do" or "don't" trust an app, and you're supposed to only install apps that you **do** trust, so you're fine with them going online and doing whatever they do (minus tracking), right?
That argument, however, is either very naive, or very limiting regarding the set of suitable apps. For many apps, your level of trust in them running offline, only, may indeed be significantly higher than your level of trust in them also going online.
As of 2024.01.03, the only approach I can see in TC is a real hassle: You have to manually go through the entire apps list and tap the icon of every concerned app, one by one.
Whenever you install a new app, this approach doesn't even help at all - unless you make the effort to previously download the .apk (without installing), then enter flight mode, then install it, then find it in TC and deny its internet access, and finally, leave flight mode again. Go figure!
Chainloading TC with another local VPN firewall doesn't work, either, as Android supports only one VPN at a time.
Describe the solution you'd like
In Settings --> Options,
provide a toggle Whitelist Mode (or Offline by Default, Deny Internet by Default etc.),
with an help text along these lines:
Deny internet access by default. Applies to new and existing apps. Unless overridden, this causes all apps requiring internet to break.
Additional remarks
This improvement would already make a big difference if it applied to new apps, only.
After all, you can adjust all existing apps - it's a tedious, but one-time task. However, if every single new app install requires hilariously convoluted workarounds just to keep the app offline at first start, that's easily a show stopper. - I, for one, am sticking with another local VPN firewall for this sole reason, and I doubt I'm the only one who'd eagerly switch to TC if this was resolved.
(Note)
My search for similar issues has brought up #395 which suggests an one-time deny-all. The improvement laid out below goes beyond, it offers a default toggle that applies to new and existing apps alike, which then can be overridden as desired.Is your feature request related to a problem? Please describe.
For trackers specifically, TC offers excellent, fine grained, descriptive control. For internet access entirely, it allows to toggle allow/deny for one (existing) app at a time. Alas, there doesn't seem to be a whitelist option in TC to deny internet access by default.
In NoRootFirewall or NetGuard, although generally less sophisticated, there's this basic option that enables you to effectively block all apps except those you explicitly want - and trust - to go online.
Unfortunately, neither of those firewalls provides anything near TC's depth of insight into tracking.
Rationale
One could argue that you either "do" or "don't" trust an app, and you're supposed to only install apps that you **do** trust, so you're fine with them going online and doing whatever they do (minus tracking), right? That argument, however, is either very naive, or very limiting regarding the set of suitable apps. For many apps, your level of trust in them running offline, only, may indeed be significantly higher than your level of trust in them also going online.As of 2024.01.03, the only approach I can see in TC is a real hassle: You have to manually go through the entire apps list and tap the icon of every concerned app, one by one.
Whenever you install a new app, this approach doesn't even help at all - unless you make the effort to previously download the .apk (without installing), then enter flight mode, then install it, then find it in TC and deny its internet access, and finally, leave flight mode again. Go figure!
Chainloading TC with another local VPN firewall doesn't work, either, as Android supports only one VPN at a time.
Describe the solution you'd like
In
Settings-->Options, provide a toggleWhitelist Mode(orOffline by Default,Deny Internet by Defaultetc.), with an help text along these lines:Deny internet access by default. Applies to new and existing apps. Unless overridden, this causes all apps requiring internet to break.Additional remarks
This improvement would already make a big difference if it applied to new apps, only.
After all, you can adjust all existing apps - it's a tedious, but one-time task. However, if every single new app install requires hilariously convoluted workarounds just to keep the app offline at first start, that's easily a show stopper. - I, for one, am sticking with another local VPN firewall for this sole reason, and I doubt I'm the only one who'd eagerly switch to TC if this was resolved.