I’m asking for Android specifically, but I’m curious what else is out there.
For example, some apps work without internet but may use it if it’s available. I might want to block that without having to turn off wifi, force stop the app, and wipe the cache/data.
Similarly, maybe I only want to use the app over a VPN and want to prevent accidentally opening it without first turning the VPN on.
Tracker Control - it basically checks for trackers that the apps use, and you can block internet access for individual apps. It’s also on F-Droid.
On Android, there’s a VPN in F-Droid that acts as a firewall, so you can say this app has internet, this app doesn’t have internet.
To ensure that this program only works with a VPN, you can set up a work profile and require always-on VPN in the Android settings; then this app running in the work profile must use the VPN no matter what.
GrapheneOS has the internet kill switch built in for any app anywhere.
Depending on your threat model, you need to be very careful: just because an app doesn’t have direct internet access doesn’t mean it can’t talk to Google Play and pass messages that way. In the Android model, apps can talk to each other consensually, and you can’t stop that.
For desktop computers, we’d be talking about virtual machines and network namespaces to enforce your policy rules. Qubes is the gold standard here.