How does the iodé blocker work?

How to Guides

The big picture

Your Android or iOS device continuously makes all kinds of internet connections. Either when browsing the web, using your apps and even when your phone is idle in your pocket.
These connections can come from:

  • your Operating System, meaning Google and/or Apple
  • preinstalled apps
  • additional apps you install

Some of these connections are necessary for your device to work as expected. For instance, if you browse the internet using a web browser, you want to be able to access web pages, but you don’t necessarily want Google to constantly collect your location if you use Chrome to do so without you knowing, or your data to be sold to advertisers or data brokers.

That’s where the tricky part comes in:

  1. The data collection is opaque. You don‘t really see whether advertisers, spammers, trackers and malware are part of your phone activity and collect your data.
  2. While you can potentially uninstall your apps, you unfortunately can’t do anything regarding the OS or preinstalled apps that are not uninstallable.
  3. Let’s say you see what connections your apps make: what if you want/have to use them anyway knowing they may collect your data behind your back? You may want at least to limit the data collection and prevent them collecting your data as much as possible .

To solve this, we built iodéOS for you, an Open Source, clean and light OS that comes:

  • without Google data collection
  • with a privacy-friendly selection of preinstalled apps
  • with the possibility to uninstall them if you want
  • with the iodé blocker
welcome to iodé

What is the iodé blocker?

The iodé blocker is one of the main features of iodéOS. It is a built-in adblocker that automatically blocks trackers and malicious recipients in order to preserve your privacy and secure your data.

What‘s a tracker, anyway?

Before diving into the specifics of the iodé blocker, let’s first define what a tracker is. A tracker is a piece of software, often as part of an app, that is implemented to collect data about a user and their behavior and send that data back to the app developer and third parties, if third party integrations are built in (which is often the case). The tracker can extract personal data (your credentials or payment details), behavioral data (how often and when you use the app, which parts you interact with the most) and meta data (your location, your device type, your language, your screen size etc). Many apps include software by Google or Facebook, because that makes part of the development process faster and easier for the developer, but to the disadvantage of the end user, whose data is then being collected by these Big Tech companies. These are advertising companies who use and sell your data for profit.

How are trackers blocked?

The iodé adblocker runs permanently on your device by default.

One way to detect a tracker is to monitor Internet activity, by intercepting connections coming in and out of the phone. This is a method actually used by hackers and is known as a MITM (Man In The Middle) attack. The iodé blocker uses this principle to trace the network activity such as network packet exchanges and DNS requests. It analyzes internet connections on the DNS level, in order to decide which addresses to block and which to serve you. Imagine having a machine blocking unwanted calls from that person you don‘t want to talk to anymore. That‘s kind of how it works.

What is DNS?

DNS stands for “Domain Name System“. You can think of it as the phonebook of the Internet. When a computer (for example your laptop) connects to another computer (for example a server that hosts a website) over the internet in order to gather information, they do so by connecting via the Internet Protocol. Each computer has an IP address, just like phone numbers, so they know which device to connect to. Since remembering a bunch of numbers for each use case is not the most user friendly way to surf the web, humans invented DNS so they can type in actual words that are easier to remember than long lines of numbers. That way, you can visit our website by typing in www.iode.tech, instead of typing numbers into your browser.

What if my system uses DoT, DoH, or another kind of DNS server? Is the iodé blocker able to analyze the requests?

As the blocker captures the DNS requests before they are transmitted to the system function that emits the DNS request, it is is independent of the kind of DNS server used by the system or set by an independent app: classical DNS on UDP port 53 or any other one, DNS over TLS (DoT), DNS over HTTPS (DoH) etc. What we do not support is DoH when it is natively built into applications, i.e. when an app communicates directly with a DoH server, without asking name resolution to the system. It would require to decrypt HTTPS packets between such an app and the DoH server, which may create a big security hole.

How about network packets?

Once a DNS requests comes through, a communication channel (called network socket) is opened and data collection gets through. Without getting too specific into the ISO model, a packet is a small segment of a larger message. The iodé blocker calculates the amount of data sent and received through each socket and displays it. You can therefore see what data gets sent to each domain, from each of your app.

iodéOS Stream

How does iodé localize each recipient?

From a DNS request, the DNS server returns an IP address. The iodé blocker locally stores and uses that IP address for extra blocking based on the IP address and also for geolocation through a database used locally that returns the country of the IP address. The blocker then uses that data to calculate the amount of data sent to each country from different time ranges and displays them on a world map.

How do I know all trackers are blocked on my iodé phone?

Here is the tricky part: there are millions of them! Tracker domains and IPs change all the time, and it’s almost impossible to block them all at a given time. Fortunately, iodé uses different techniques to block as many as possible and lets you personalize it in a way that suits you best!

The first technique is to use IP blocking on top of DNS blocking. As briefly mentioned in the previous point, the blocker locally stores IP addresses for geolocation but also to make the IP blocking.

Secondly, with our adblocker, you have the possibility to fine-tune the blockings for each of your apps. By default, a standard blocking is activated. The standard list aggregates several hundred thousand trackers from open source lists such as Energized Protection, StevenBlack, oisd, blocklistproject. That is enough to keep pretty much all your Android apps to function but unfortunately doesn’t block all trackers. If you want to be more strict in your blocking, you can reinforce the blocking and use our aggregated list that counts more than 2 million domains. But that’s not all: from the blocker you can also block sensitive content, unethical social medias, or customize your own list. Talking about customization, you can define regular expressions too.

Finally, you can set the network you want to block (mobile data, WIFI, VPN) and perform network blocking for any app.

Where do I find the blocker app?

You can check the tracking blocker right from the launcher. That way, if one of your apps has less than optimal protection, you won’t miss out on it. You can also find the app, which is just called „iodé“ in your app menu.

We have also developed a widget for quick access to blocker information and functions. To add the widget to the home page: long press on the screen -> Widgets -> iodé -> drag the widget.

iodéOS widget

Who updates the lists?

The lists are collaborative Open Source databases that are perpetually updated by a dedicated privacy community. That way, not one entity controls the list and many eyes contribute to the lists staying up to date and uncompromised.

iodéOS gets updated on a monthly basis, and lists are always updated at least once a month. Lists get updated more often for beta testers.

Can I create my own list?

Yes, you can also entirely customize your own protection and block any recipient!

What about child protection?

If you want to protect your child from accessing content on the internet that is not for them, like adult or gambling content, as well as certain apps you don‘t want them to use, you can do that with iodéOS. On the one hand, you can set which categories should be blocked, like porn or social media links. On the other hand, you can just cut off internet access for apps, so even if your child installs a social media app you don‘t want them to use, the app itself can‘t connect to the internet and is thus useless.

We covered child protection in two articles, namely How to protect your kids from getting spied on their phone? and How to setup an iodé phone to protect your child?

So if the the iodé blocker analyzes the data transmission, does that mean that iodé, the company can track all my activities?

No, since the monitoring happens locally on your device. We don‘t even have access to what data passes through your device and the DNS filter.

How does iodé’s network blocking differ from Android’s network blocking?

Regarding iodé’s network blocking: for the Linux kernel , WiFi, mobile data and VPN (and also ETH, …) are different interfaces and present independent kernel nodes to communicate with. The WiFi and/or mobile data interfaces can be blocked, but the hardware still used for VPN for example. With iodé, selecting one type of network to block blocks it exclusively, independently of the others, whereas Android does not follow the same principle and considers that if you block Wi-Fi, then the VPN will also be blocked.

Can I use the blocker with a VPN (Virtual Private Network)? Or with another adblocker?

Totally! The iodé blocker doesn’t use the VPN slot like non-root adblockers usually do, therefore freeing up space for the use of a VPN, or even a VPN-based adblocker. The iodé blocker can also be used alongside root-based adblockers.

An app does not work. Is that because of the blocker?

There are generally 2 reasons why an app might not run properly on iodéOS:

1) The lack of Google Play Services, which are partially replaced by microG services. Unfortunately not all services are implemented in microG, causing certain apps to dysfunction.

2) The iodé firewall being too restrictive for an app, blocking too many recipients. To check if the firewall is responsible, unblock the app from the iodé interface (settings -> blocking selection), select the app, remove all blocking and then relaunch the app.

In certain cases and for various reasons (issues in the data & preference storage, system freezing etc.) an app might start being dysfunctional after a while & systematically stops running while opening it. In this case, try to uninstall and reinstall it or directly clear its storage (Settings -> Apps -> Select App -> Storage and cache -> Clear storage), and relaunch it.

What’s next regarding the iodé blocker?

The iodé blocker has been a cutting edge tool since we started the project. That is why we put a great effort into its development. But we are very cautious with the development of new features in order to keep the blocker 100% functional and performant with each update and to keep the interface clean and simple. That being said, we are currently working on new projects such as a new technique to detect and block trackers. Stay tuned for more!

iodé white logo 367x134