There are a lot of binaries other than Android that run on Smartphones that you cannot possibly control from within Android even with fully-privileged apps (let alone restricted user-space apps). And, even within Android, because Blokada doesn't support "Block connection without VPN", there's no guarantee that apps don't bypass the VPN it sets up. Besides, Blokada leaks DNS requests over TCP (only handles the UDP ones) [0]. All of this is discounting the fact that Blokada has a hard-coded list of applications it blanket allows by-default [1].

Also, these fingerprinting bits in their code-base doesn't inspire confidence either [2][3].

I'd not consider Blokada a serious security app at this point, though it does have the potential to be one.

disclosure: I co-develop a similar foss app.

[0] https://github.com/blokadaorg/blokada/blob/65992cdc/android5...

[1] https://github.com/blokadaorg/blokada/blob/8702350602b/andro...

[2] one identifier too many for a user-agent: https://github.com/blokadaorg/blokada/blob/8702350602b/andro...

[3] unique identifier per installation: https://github.com/blokadaorg/blokada/blob/04efb84e06e1/andr...

Honestly I don't, the same way I don't know if Google is bypassing them.

But according to the logs on my router Blokada is working.

p.s. blokada actually also blocks ads on the formula 1 official app that are served through websockets