Implement URL whitelisting in Android



  • I want to whitelist some URLs been used by my device and native apps for sync and updates.

    Other than these few URLs, I wish to block all other URLs being accessed by any chat window and browser. I have my device rooted, and have been looking for a common solution which can be accessed by all native applications and browsers.

    I have found a solution to override the API "shouldOverrideUrlLoading" in the class WebView Client, but if there are any applications which do not call this WebViewclient and directly calls native APIs (system/netd).

    I am quite new to the WebView thing, do let me know if anyone has any solutions or suggestions.



  • If you really want to get all traffic of all apps and services you need a VPN solution with traffic interception similar the way Mitmproxy works on PC. As you have root you could https://android.stackexchange.com/a/232051/2241 (see second half of the linked answer) and then decrypt all outgoing TLS traffic, get the URL check if it white-listed and continue or abort the request. Unfortunately I don't know an app that works like Mitmproxy without saving all the data. Most apps that do traffic interception do this for capturing the data like https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture or https://play.google.com/store/apps/details?id=com.egorovandreyrm.pcapremote . But the latter is partly open source so this could be a starting point, assuming you have the necessary development skills.

    Even after installation of your root CA certificate some apps won't work anymore as they use certificate pinning. So you have to test if the apps you want to white-list URLs from are affected.

    If you would be content with a filtering on domain level you could simply use an app like https://blokada.org/ . For domain filtering you don't need traffic interception, hence you could skip the custom root CA installation and so on.




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2