From 1ddc414f0e19ca55ab8c13deb523140e4970d851 Mon Sep 17 00:00:00 2001 From: Prefetch Date: Tue, 11 Jul 2023 19:08:06 +0200 Subject: Publish "Android 'hosts'-based adblocking without root" --- source/blog/2023/android-hosts-blocking/index.md | 141 +++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 source/blog/2023/android-hosts-blocking/index.md (limited to 'source/blog/2023/android-hosts-blocking/index.md') diff --git a/source/blog/2023/android-hosts-blocking/index.md b/source/blog/2023/android-hosts-blocking/index.md new file mode 100644 index 0000000..1224d74 --- /dev/null +++ b/source/blog/2023/android-hosts-blocking/index.md @@ -0,0 +1,141 @@ +--- +title: "Android 'hosts'-based
adblocking without root" +date: 2023-07-11 +layout: "blog" +toc: true +--- + +I hate how obnoxious tracking and advertising are online. +In Firefox I can just use an adblocker, +but for mobile apps it isn't so simple. +There, you basically have two options: + +1. Run a "local VPN" that filters all requests, + but then you can't use a real VPN at the same time, + and you need to trust whoever wrote the app (use open-source!). + When I tried this, I found it also often turned itself off, + so... not ideal. + +2. Root your phone to enable more powerful methods; + the easiest approach is to replace your + [`hosts` file](https://en.wikipedia.org/wiki/Hosts_(file)#Extended_applications) + with one that contains all domains you want to avoid. + However, rooting a phone can be tricky, and if you succeed, + all the authentication and banking apps you've collected over the years + will refuse to work unless you jump through even more complicated hoops... + Ah, I love it when apps decide what I can and can't do with my phone. + + +On Android, I recommend you take a look +at [AdAway](https://adaway.org/), which can do both methods. +But it turns out there's a better way under certain circumstances... + +Are you running a custom Android ROM, like [LineageOS](https://lineageos.org/)? +Then you might be in luck! +Open your ***Settings*** app and look for the ***Build number*** +in a section called ***About phone*** or similar. +Does the number contain the string ***"userdebug"*** (see below)? +If yes, congratulations, read on! + +{% include image.html file="build-number-full.png" width="42%" + alt="'Build number' at the bottom of the 'About phone' section" %} + + + +## Part 1: preparation + +First, we need to enable developer settings on your phone. +You're already in the right place: +tap ***Build number*** several times +until it asks for your password as confirmation. 
+Once enabled, you can find a new entry ***Developer options*** +in the ***System*** section of the ***Settings*** app. +There, in the ***Debugging*** section, enable both +***USB debugging*** and ***Rooted debugging***: + +{% include image.html file="dev-settings-full.png" width="42%" + alt="Debugging settings in the 'Developer options' menu" %} + +Next, you'll need a trusted PC to plug the device into +(yes, *trusted*, I mean it: you're about to give it root access to your phone). +Make sure it has the `adb` program installed; +read [this guide](https://www.xda-developers.com/install-adb-windows-macos-linux/) +to get it (or on Linux you can use the package manager). +Check it's working by running: + +```sh +adb devices +``` + +Your device should show up, although it may have a weird name. +It'll say it's *"unauthorized"* until you accept +the pop-up that will appear on the phone. + +Finally, prepare the `hosts` file you want to upload to the device. +I recommend [Steven Black's files](https://github.com/StevenBlack/hosts), +but you can also find others or even write one yourself. + + + +## Part 2: pushing the file + +If you have a *"userdebug"* build, +you can give `adb` root privileges by running: + +```sh +adb root +``` + +This is required for the following commands to work +(if you don't trust me, try it). +Next, we need to get read/write access to Android's system files. +To do so, execute these commands: + +```sh +# Turn off `dm-verity' system integrity checking. +# Note: it'll tell you to reboot, but in my experience +# this isn't necessary. It won't do any harm either. 
+adb disable-verity +# Request read/write access to the system +adb remount +``` + +Now we're ready to copy the `hosts` file you prepared to the device: + +```sh +adb push path-to-desired-hosts-file /system/etc/hosts +``` + +If you want, you can check it succeeded +by reading the file from the phone: + +```sh +# Enter a shell on the phone +adb shell +# Read its current `hosts' file +more /system/etc/hosts +# Leave the shell, back to your PC +exit +``` + + +## Part 3: cleaning up + +When you're satisfied, turn integrity checking back on and reboot the device: +```sh +# Re-enable `dm-verity' for security +adb enable-verity +# Reboot so the new `hosts' takes effect +adb reboot +``` + +Once rebooted, go back to ***Developer options*** +and disable ***Root debugging*** +and ***USB debugging*** for security reasons. +Then, if you wish, you can turn off ***Developers options*** entirely. + +Congratulations, you've now made the domains listed in `hosts` +inaccessible for all apps on your phone, enjoy! +But beware: Android system updates may reset the `hosts` file, +although they don't always in my experience. +You can always easily check the file's contents after an update. -- cgit v1.2.3
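Review bot: In Part 1, the step "prepare the `hosts` file you want to upload to the device" points readers at third-party lists ("you can also find others") without asking them to inspect the file before it is pushed to /system/etc/hosts as root. A hosts file maps each name to whatever address its line gives, so an entry that points a real domain at a routable address redirects that traffic for every app instead of blocking it. Suggest adding a sentence telling readers to confirm, before `adb push`, that every entry apart from the localhost lines uses a null or loopback address such as 0.0.0.0 or 127.0.0.1. Separately, the setting names in Part 3 drift from Part 1: "Root debugging" versus "Rooted debugging", and "Developers options" versus "Developer options". Use the Part 1 spellings so readers can find the toggles they are being told to turn back off.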