Pretty hard. If you don’t have prior experience with the AOSP codebase, I’d say it’s impossible. But if you want to get started, this is how to build GrapheneOS from source: https://grapheneos.org/build
My threat model isn’t such that I need it, it’s just really annoying. GrapheneOS does allow blocking network per-app, which is a sufficient workaround. It’s a bit tedious, but I can do the following:
disable network on sensitive apps
disable NetGuard and enable other VPN
finish what I was doing
undo step 2
undo step 1
I really wish there was a way to get VPNs and NetGuard playing nicely together. I want all traffic to be filtered by NetGuard, and then routed over the VPN. This is trivial on Linux, but apparently not so on Android, which is a shame.
There might be an easier way to accomplish this. The RethinkDNS app has a built-in Firewall and WireGuard VPN client. It also allows you to configure per-app Wifi and cellular data separately. The only caveat is that you would need to manually import the WireGuard profiles from your VPN provider.
Pretty hard. If you don’t have prior experience with the AOSP codebase, I’d say it’s impossible. But if you want to get started, this is how to build GrapheneOS from source: https://grapheneos.org/build
I meant it more tongue-in-cheek :)
My threat model isn’t such that I need it, it’s just really annoying. GrapheneOS does allow blocking network per-app, which is a sufficient workaround. It’s a bit tedious, but I can do the following:
I really wish there was a way to get VPNs and NetGuard playing nicely together. I want all traffic to be filtered by NetGuard, and then routed over the VPN. This is trivial on Linux, but apparently not so on Android, which is a shame.
There might be an easier way to accomplish this. The RethinkDNS app has a built-in Firewall and WireGuard VPN client. It also allows you to configure per-app Wifi and cellular data separately. The only caveat is that you would need to manually import the WireGuard profiles from your VPN provider.
Thanks, I’ll check it out. :) That should do nicely.