
You can pretty easily see all the traffic on your own phone. You can even do it on device.

https://apps.apple.com/us/app/charles-proxy/id1134218562



Does this work with apps that do their own TLS using their own pinned certs? I don't see how it could. Surely that's a lot of high profile apps these days.

If this app works without root, it must be possible for apps on iPhone to add their own certificates to the system, which are then trusted by other applications - that would already be pretty alarming. I think Android still requires certificates to be manually imported by the user. Maybe this app points you to instructions on how to do this, but the description makes it sound very automatic.


If you've got a jailbroken phone, this post explains how to extract the TLS keys (to decrypt the traffic) using a Frida script:

https://andydavies.me/blog/2019/12/12/capturing-and-decrypti...


For sure, it can be done, I was just thinking that MITMing yourself on iPhone is not so easy these days as just installing this one app.


You can add an SSL certificate but if they do cert pinning then it breaks. Most don’t do cert pinning.


No, you’d need to jailbreak or modify the application for that.


If you can set your own DNS on iOS why not just use something like nextDNS.io?


NextDNS is fantastic. I use it to block ads on my iPhones and iPads.


Seeing it != blocking it.


If you can see it you can make an informed choice if the tradeoff is worth it.


If you can see it, but can't block it, then you've already lost a part of it before you can make that informed decision.


Of course you can block it; a private DNS with ad blocking is trivial to set up. Knowing about it is far more important, as you can make informed decisions.


You basically need your own VPN server with Pi-hole installed to control the tracking. It is a very effective way to block this, but not that easy to set up.


If you can use NextDNS, you have something akin to a Pi-hole.




