Apple Cracking Down on VPN-Based Ad Blockers That Work in Third-Party Apps - What will AdGuard do ?

[Gass]

I'm at a loss as what I've read - that no new updates to these types of ad-blockers and VPNs are allowed to update their apps through Apple store.
It hasn't said they would be removed (in anything I've read on the web) - just no new updates to them from Apples end, so wouldn't they still work to some degree? Again nothing I've seen says a user needs to uninstall them if already occupying their device, of course this may be covered or addressed in a system update of the iOS itself.

Then how outside of Apple could any Updates happen for the older versions to these apps (Adguard specific), as one way to somewhat counter this approach by Apple?
Gass

 

[Gass]

This is for the macOS-version of NordVPN, not the iOS-version.

That's what I'm seeing also, besides a hand full of VPN's that have the feature to ad-blocking - I guess in-built of the client.

Then Nord doesn't offer any ad blocking info. in it's homepage, features and FAQ that pop out to a viewer either, so it must be rather new to doing this.
But does have something Feb.9th 2017 covered at https://nordvpn.com/blog/use-these-browser-extensions-for-your-privacy/
Use These Browser Extensions for Your Privacy

Then it notes on that page -
"However, ad blockers do tend to interfere with the way some websites work. They can break your favorite sites and, of course, they cause havoc on business that depend on online advertising revenue.

These are just some of the many tools available to keep you private and secure online. These four browsing extensions for your privacy are great options, and you really can’t go wrong with any of them.

However, it’s good to remember that no matter what great tools are available, you have to use them to be secure. And you’ll also have to practice good browsing behavior and remain vigilant."




Found It (just depends on key words used in a search engine)
Nord's CyberSec: New Security Upgrade From NordVPN June 30 2017
https://nordvpn.com/blog/security-feature-cybersec/
But again as @Tanith stated not for iOS .

Seems to offer "Skip annoying ads" if one turns CyberSec on or when enabled, CyberSec will automatically block harmful websites so that no malware or other cyber threats can infect your device. Additionally, no flashy pop-ups, auto-play ads and other advertisement material will come at your sight.

CyberSec prevents ads from loading the moment you enter a website. Not only this allows you to focus on the content you are there for, but also makes pages that you visit load faster and reduces your mobile data consumption.

Is it compareable to Adguard or even better? Off the get go I'm thinking AG has the community in beta testers - so ultimatly no. Then any new feature, as this add-in security tools are going to be a chore to use because they place technical excellence over user experience in the beginning, to being time tested per users in-put.

I'm thinking as with what I see-
"Then the technical procedure goes like this: your device contacts a DNS server to request an IP address of that site, and once the Domain Name System (DNS) responds, you enter the website.
It references a real-time block list of harmful websites that may host malware, spyware, trackers or other dangerous software. So when our DNS server receives your request to enter a specific site, CyberSec will check it’s name against the list of possible threats and decides whether or not to allow the requested access."
Which could break/limit some website you'd normally go to.
"If the site you are trying to reach is blocked by NordVPN CyberSec, its contents won’t be displayed and you will see a warning message instead. You won’t be able to continue to the blocked website, unless you choose to disable the feature in your system preferences."

In different users comments - 56 there today (some points brought up) to note-
I find the adblocker a bit slow.

Can we parameter it? I didn't find any parameter in the .exe app. > It's an adblock feature that works on the network level, with no parameters available at the moment.

What about sites like Forbes which force disabling of ad blockers? > CyberSec does work on Forbes, but some other sites may still detect it and require users to switch it off to access their content.

Would like to know if your planning to add a whitelist feature would love to keep this feature running on my application > I'm afraid we don't have such feature in the pipeline.

What DNS server are you using to provide this service? Where do you receive your threat intel? > We use our own DNS servers and aggregate our blacklist from a large number of publicly available lists of harmful domains.

Is this comming to the ios and android apps too? > It will be rolled out gradually for Android within the next weeks. However, iOS devices treat DNS servers differently, which at the moment prevents us from releasing CyberSec for iOS.

Gass

 

[avatar]

Updated version just passed the review, we will publish it tomorrow.

Bad news: no more system-wide ad blocking

Good news:
1. DNS settings are still there, you can set it up to use Adguard DNS. You'll have to enter DNS servers addresses manually.
2. We kept filtering log so you can manually examine DNS requests and block or unblock them.

This is not a self-driving system-wide ad blocking module, but you'll be able to set it up to work as good as it was.

 

[Gass]

Updated version just passed the review, we will publish it tomorrow.

Bad news: no more system-wide ad blocking

Good news:
1. DNS settings are still there, you can set it up to use Adguard DNS. You'll have to enter DNS servers addresses manually.
2. We kept filtering log so you can manually examine DNS requests and block or unblock them.

This is not a self-driving system-wide ad blocking module, but you'll be able to set it up to work as good as it was.

I'm not an iOS user, but have been following here some, so I can see the question being asked "what about in-app ads then, are those blocked with AG DNS means available"?

 

[Benny]

Really would have preferred you NOT update the existing app, so that it could remain the device without an update. Then just release a totally new app that complies. Apple doesn't disable apps on devices in these circumstances, so all existing users could have kept using the full functionality until some new iOS made it incompatible. (It's working on iOS 11, so wouldn't be anytime soon.)

Now users are forced to downgrade their app or have a pending update on their device for eternity.

 

[max2]

Updated version just passed the review, we will publish it tomorrow.

Bad news: no more system-wide ad blocking

Good news:
1. DNS settings are still there, you can set it up to use Adguard DNS. You'll have to enter DNS servers addresses manually.
2. We kept filtering log so you can manually examine DNS requests and block or unblock them.

This is not a self-driving system-wide ad blocking module, but you'll be able to set it up to work as good as it was.

So no more ad blocking in apps or no ?

 

[avatar]

"what about in-app ads then, are those blocked with AG DNS means available"?

Yeah, you can still set it up to use AG DNS.

Then just release a totally new app that complies. Apple doesn't disable apps on devices in these circumstances, so all existing users could have kept using the full functionality until some new iOS made it incompatible. (It's working on iOS 11, so wouldn't be anytime soon.)

Here're the problems:

1. The old app will be removed by Apple in that case and I'd like not to provoke them.
2. The old app will eventually become incompatible not just with iOS, but with the server side filters.
3. You can still use the DNS settings functionality, set it to use AG DNS and have almost the same functions.

 

[SergZZZ]

Yeah, you can still set it up to use AG DNS.



Here're the problems:

1. The old app will be removed by Apple in that case and I'd like not to provoke them.
2. The old app will eventually become incompatible not just with iOS, but with the server side filters.
3. You can still use the DNS settings functionality, set it to use AG DNS and have almost the same functions.

Can we get AdGuard Adblocking DNS servers that are located on US territory?

 

[paul]

Yeah, you can still set it up to use AG DNS.



Here're the problems:

1. The old app will be removed by Apple in that case and I'd like not to provoke them.
2. The old app will eventually become incompatible not just with iOS, but with the server side filters.
3. You can still use the DNS settings functionality, set it to use AG DNS and have almost the same functions.

Great job as usual. Will we have to pay for new app I really don't mind if we do it's so worth it

 

[avatar]

Can we get AdGuard Adblocking DNS servers that are located on US territory?

You should be routed to the US servers automatically, AG DNS uses Anycast.

Great job as usual. Will we have to pay for new app I really don't mind if we do it's so worth it

That were the reasons why we will update the old app and not publish a new one, so you don't need to pay for anything.

 

[Tanith]

Updated version just passed the review, we will publish it tomorrow.

Bad news: no more system-wide ad blocking

Good news:
1. DNS settings are still there, you can set it up to use Adguard DNS. You'll have to enter DNS servers addresses manually.
2. We kept filtering log so you can manually examine DNS requests and block or unblock them.

This is not a self-driving system-wide ad blocking module, but you'll be able to set it up to work as good as it was.

Are the improved DNS-features like

- working automatic DNS change for cellular
- Auto-IP-Update to DNS-Providers
- encrypted DNS protocol
-black and white-list for the Adguard DNS
…

still be on the to-do-list in future versions of Adguard Pro?

 

[Benny]

FWIW, the VLC app was de-listed by Apple for several years. Since I had purchased prior to being pulled for copyright type reasons, I and other owners were able to continue using it and re-downloading to new devices.

Just worth considering that it would be seen as a nice gesture to your paying customers. I know I would appreciate it.

That is, leave the current app alone and publish a new compliant app. Yes, the old app will be de-listed but it wouldn't get removed from any existing owner's devices. Maybe it would eventually lose compatibility with the servers, but that could be corrected and/or at least give us a few more months of full functionality.

The DNS approach is nowhere near equivalent to the existing app functionality on many levels. I think this is well understood or otherwise there would have been no need for it.

 

[AudigyMaster]

The users need to understand that keeping the old one on the store against Apple warning would create tension between both companies, with a higher probability of a retaliation from Apple(it's their store, their rules).

It's much better for Adguard's future in the store, to abide by their rules now.

What current customers can do to safeguard this functionality, is to download the current .ipa file of Adguard Pro trough iTunes before the new one is released. Then you can reinstall that old version later by using that .ipa file you saved.

Unfortunately DNS filtering is not a failsafe solution since some ISPs can intercept your DNS traffic(DNS hijacking) and DNSCrypt is still not supported without jailbreak(maybe never will). Nonetheless is better this than none.

 

[Bastet]

Updated version just passed the review, we will publish it tomorrow.

Bad news: no more system-wide ad blocking

Good news:
1. DNS settings are still there, you can set it up to use Adguard DNS. You'll have to enter DNS servers addresses manually.
2. We kept filtering log so you can manually examine DNS requests and block or unblock them.

This is not a self-driving system-wide ad blocking module, but you'll be able to set it up to work as good as it was.

How easy will it be to set up the DNS manually for those (like me) who are new to doing this?

 

[Boo Berry]

There's a new blog post covering this stuff.

https://blog.adguard.com/en/adguard-ios-1-3-0/

 

[Bastet]

Thanks @Boo Berry
As long as the app continues to work blocking ads in apps, wifi & cellular it'll be fine.

 

[AudigyMaster]

BTW guys, in this 1.3.0 version will you keep the system wide whitelisting/blacklisting capabilities? I am asking because I use the blacklist to add the Apple domain responsible for the OTA update verification(mesu.apple.com) and avoid the automatic download of the OTA.

 

[Benny]

The users need to understand that keeping the old one on the store against Apple warning would create tension between both companies, with a higher probability of a retaliation from Apple(it's their store, their rules).

It's much better for Adguard's future in the store, to abide by their rules now.

What current customers can do to safeguard this functionality, is to download the current .ipa file of Adguard Pro trough iTunes before the new one is released. Then you can reinstall that old version later by using that .ipa file you saved.

Unfortunately DNS filtering is not a failsafe solution since some ISPs can intercept your DNS traffic(DNS hijacking) and DNSCrypt is still not supported without jailbreak(maybe never will). Nonetheless is better this than none.

The devs should also be aware that Apple will grant refunds to purchasers of the Pro app on the basis of key functionality being removed. Creating a new app would eliminate this risk to AdGuard's finances. It takes an email to customer service and is handled on a case-by-case basis, but that is the pattern Apple has followed in the past.

This is clearly a tough situation, but I continue to argue in favor of siding with your paying customers over a vague sense of potential tension. If the tension did materialize you could always change direction later. But once an update is pushed, you can't go back.

In short, why rush the decision? Publish a new app and update the old later if Apple has an issue.

 

[AudigyMaster]

(...)This is clearly a tough situation, but I continue to argue in favor of siding with your paying customers over a vague sense of potential tension. If the tension did materialize you could always change direction later.(...)

It's not vague, in past cases Apple dealt with heavy hand on devs who bent/failed to latter comply with the rules. You need to understand that even this "downgraded" version(1.3.0) still uses the "fake" VPN method*. Based on section 4.2.1 of the App Store Review Guidelines, which says that APIs and frameworks should be used for their intended purposes, it’s likely that Apple doesn’t see DNS override/adblocking as the “intended purpose” of VPN certificates.

*(to enforce the chosen DNS servers system wide on both WiFi and Cellular Data, which still allows the use of DNS servers that effectively block ads in apps)

 

[max2]

So how is, Using DNS settings to block ads, just as good to block in other app ads ? Just asking.