Apple Ads bypassing Lockdown App

I had been using the Lockdown app when not on VPN for my iPhone. Based on the block logs, it seems to work well for blocking tracking by non-Apple big tech companies (amazon, Facebook, google, etc). I manually added Apple tracking/Advertising domains to the custom block list and it worked somewhat but recently stopped working entirely. I figured Apple must have been bundling the Ad traffic with other ‘legitimate’ traffic or changed their domains. I had mostly given up on blocking ads within Apple Apps after adding many domains from other block lists intended to stop apple tracking/ads with no effect.

I had been running Quad9 DoH on my phone for some time but got interested in NextDNS due to its more advanced/custom features. I added the Apple Tracking block list to my configuration and tried it out. To my great surprise Apple Ads disappeared from the News app. I checked the logs to see what unknown domains Apple had hidden their ads in…

…the same domains I had manually added to the Lockdown App :face_with_raised_eyebrow:

My Analysis on what is going on:

Lockdown uses a ‘dummy’ VPN profile to run the traffic through and block domains on device. NextDNS uses the DoH capability native to iOS.

Three possibilities come to my mind based on this.

  1. iOS leaking traffic outside a VPN for core services (a known issue) to keep their ad revenue going

  2. Lockdown app intentionally ignoring the Apple Ads domains (lockdown is run by former Apple Employees)

  3. Lockdown app custom domain feature is broken

To test this I turned on ProtonVPN with ad blocking. The ads went away. Thus the ads cannot be the result of VPN leakage. Thus it looks like Option 2 or 3 is likely. Unless anyone else has some idea of what might cause this?


To clarify, you’re talking about an app and not the Lockdown Mode that came out with iOS 16 right? I don’t think Lockdown Mode has an ad blocking feature which is why I was confused for a bit when I read your post, lol.

If the VPN you are using supports ikev2 you are able to use both ProtonVPN and lockdown. I haven’t used proton since a bit before their rebrand but it should be possible if you change the preference to ikev2.

Thank you for the replies. To the first question from @InternetGhost , yes I am referring to the Lockdown Application and not the lockdown mode of the iPhone (though I am using that as well). The Lockdown Application does on-device DNS filtering for trackers/ads. It comes pre-loaded with block lists but you can add your own under custom domains. That is where I manually added the apple ad domains to no avail.

I appreciate the advice @Can though I have settled on a different solution. I am running NextDNS which I can toggle off when I want to use a VPN. I use ProtonVPN for specific use cases for traveling on untrusted Wifi networks, streaming from outside my country (Japanese Netflix has Star Trek for free BTW), and for the specific times I want privacy from my ISP. But I am not an ‘always on’ VPN kind of person.

1 Like