The iodé adblocker is a system-wide, integrated network privacy solution embedded into iodéOS. Unlike traditional ad-blockers that often require root access or rely on a local VPN, the iodé adblocker is deeply integrated into the operating system itself.
It works by intercepting and analyzing DNS queries made by any app installed on the device. This allows it to block communication with known advertising, tracking, and malicious domains before any data is actually transmitted. It is lightweight, efficient, and respects user freedom and transparency.
DNS-Based Domain Filtering
At the core of the iodé adblocker is its DNS filtering mechanism. Whenever an application attempts to resolve a domain name (e.g., ads.example.com), the iodéOS DNS resolver intercepts the request and checks the domain against one or more curated blocklists.
- If the domain is found on the list, the DNS request is:
- Redirected to a non-routable IP address (like
0.0.0.0) or - Simply denied.
- Redirected to a non-routable IP address (like
- This ensures no communication occurs between the app and the unwanted domain.
The entire process happens before any HTTP/S or socket connection is established, which makes it efficient and reliable. This method is significantly more privacy-respecting than letting apps connect and then attempting to filter data afterward. No matter what kind of DNS protocol is used by the system or apps — as long as they go through the system resolver (the Android OS’s way of handling DNS), the DNS request is intercepted.
This includes:
- Classic DNS: The traditional, unencrypted DNS using UDP port 53
- DNS over TLS (DoT): Encrypted DNS using port 853
- DNS over HTTPS (DoH): Encrypted DNS using HTTPS through the system’s DoH settings
Some apps (like Firefox, Chrome, or certain messaging apps) include their own DNS resolver and talk directly to a DoH server, bypassing Android’s DNS system entirely.
In these cases:
- The app encrypts the DNS request internally
- It sends the encrypted HTTPS packet directly to a DoH server (e.g.,
https://dns.google/dns-query) - iodéOS never sees the domain name being requested
Because the request is already encrypted using HTTPS, iodéOS cannot inspect or block it without breaking encryption.
Why we refuse to intercept app-native DoH
To block such app-native DoH traffic, iodéOS would need to Decrypt HTTPS traffic between the app and the DoH server which is something dangerous.
This would mean:
- Intercepting and modifying encrypted web traffic (a “man-in-the-middle” attack)
- Installing fake security certificates to trick apps
- Potentially exposing users to massive security risks
This would undermine the entire principle of secure web communication (TLS/HTTPS).
So we intentionally avoid this to maintain:
- Security
- User trust
- Standards compliance
| Case | Can iodéOS block DNS? | Why? |
|---|---|---|
| System DNS (UDP 53) | ✅ Yes | Intercepts before system resolver |
| DNS-over-TLS (DoT) | ✅ Yes | Still passes through system DNS |
| System DoH | ✅ Yes | Uses system API; intercepted normally |
| App-native DoH | ❌ No | DNS request is encrypted inside the app |
This design reflects a thoughtful trade-off between privacy and security. While some advanced adblockers try to intercept all traffic, iodéOS respects the security boundaries of encrypted communication, even if it means letting a few app-level DoH requests through.
Real-Time Monitoring & Statistics
In addition to blocking DNS requests, the iodé adblocker provides transparent monitoring of all apps on the system. It keeps track of:
- The number of DNS requests each app makes
- The domains requested
- Whether each request was allowed or blocked
This functionality is built into the iodé app and gives users fine-grained visibility into what their apps are doing in the background. It can reveal aggressive tracking behavior from apps that would otherwise go unnoticed.
From a DNS request, the DNS server returns an IP address. The iodé blocker locally stores and uses that IP address for extra blocking based on the IP address and also for geolocation through a database used locally that returns the country of the IP address. The blocker then uses that data to keep track of:
- The amount of data sent to each country from different time ranges (and displays them on a world map)
- The amount of data sent to and received from each domain, from each of your app.
Automatic blocking
iodé uses different techniques to block as many trackers as possible.
By default, a standard blocking is activated. The standard list aggregates several hundred thousand trackers from open source lists such as Energized Protection, StevenBlack, oisd, blocklistproject. That is enough to keep pretty much all your Android apps to function but unfortunately doesn’t block all trackers. If you want to be more strict in your blocking, you can reinforce the blocking (Premium users) and use our aggregated list that counts more than 2 million domains.
Example: Blocking a Tracker
Let’s say you open a news app, and it attempts to contact the domain ads.telemetry.com.
- The iodé DNS resolver intercepts the query.
- It checks whether the domain exists in the “trackers” blocklist.
- It finds a match.
- The DNS resolution is blocked.
- The app is unable to load the tracking script or send your data.
- The blocked request is logged under that app’s stats.
This entire process happens in real time and uses negligible system resources.
An other technique technique is to use IP blocking on top of DNS blocking. As briefly mentioned in the previous point, the blocker locally stores IP addresses for geolocation but also to make the IP blocking.
On top of this you have the possibility to fine-tune the blockings for each of your apps by blocking sensitive content, unethical social medias, or customize it (next part).
Whitelisting and Custom Rules
The adblocker allows flexible user customization. You can:
- Whitelist (or blacklist) specific domains that are falsely blocked or needed for functionality.
- Use generic rules like Regex and Wildcards to bulk block domains.
- Apply per-app overrides, allowing specific apps to bypass blocking rules.
- Disable entire blocklist categories (e.g., allow ads but block malware).
- Temporarily disable the adblocker for troubleshooting.
These controls are accessible via the iodé interface and don’t require root access or terminal commands.
No VPN Required
A key technical advantage of the iodé adblocker is that it does not require a local VPN, unlike other Android solutions like Blokada or RethinkDNS.
This has several benefits:
- Leaves the VPN slot free for actual VPN services (e.g., Mullvad, ProtonVPN).
- Lower battery consumption and memory usage.
- Improved reliability and no interference with VPN configurations or captive portals.
Performance and Efficiency
- No root access required
- Minimal battery and CPU impact
- No persistent VPN process
- Works with or without MicroG
- Suitable for older and lower-end devices
Because it operates at a system level with minimal background activity, it is highly efficient compared to third-party adblockers.
Open-Source Foundation
True to our philosophy, iodéOS and the adblocker itself are based on open-source codebases. This promotes:
- Full auditability for advanced users
- Community trust and collaboration
- The ability to contribute or adapt the software
iodé maintains transparency about how filtering and DNS handling is implemented.
Summary of Key Features
| Feature | Description |
|---|---|
| DNS-based blocking | Preemptively blocks domains before connections are made |
| No root or VPN required | Works system-wide without using Android’s VPN slot |
| App-specific tracking stats | See what each app is doing on the network |
| User customization | Create whitelists, disable categories, and override app behavior |
| Blocklist categories | Ads, trackers, malware, adult content, social media, etc. |
| Real-time logs and analytics | Visual dashboards and per-app DNS stats |
| Efficient and lightweight | Low system impact, ideal for daily use |
| Open-source and auditable | Built on community trust and transparency |
The iodé adblocker stands out as one of the most robust and privacy-centric adblocking solutions available on any mobile operating system. It combines DNS-level blocking, transparent monitoring, customizable controls, and low system overhead into a cohesive package that empowers users to take control of their data.
Whether your goal is to block intrusive ads, stop online tracking, protect children from harmful content, or simply enjoy a cleaner internet experience, the iodé adblocker offers powerful tools and clear insights. It reflects a growing need for privacy-first software that respects users rather than exploiting them.
For more information on how the iodé blocker works, you can read our article about it here: https://blog.iode.tech/how-does-the-iode-blocker-work/
