โ—† TrustPhone DNS

LOCAL DNS FIREWALL ยท ANDROID 8+

Block ads & trackers before they load

TrustPhone DNS filters DNS queries on your phone using a local VPN tunnel. Blocklists, policy profiles, and logs stay on your device โ€” no account, no cloud browsing history.

Get on Google Play How it works
200K+Domains after list update
DNS-onlyUDP port 53 โ€” not a full VPN
OffTelemetry by default
๐Ÿ›ก
PACKAGEcom.trustphone.dns
VERSION3.0.1
ENGINEBLOOM โ†’ SQLITE
RESOLVER1.1.1.1 ยท DoH opt-in

WHAT THE APP DOES

Built for real DNS filtering โ€” not marketing fluff

Every feature below is implemented in the current v3.0.1 codebase.

Free

DNS Firewall

Local VpnService routes only your DNS resolver IP (/32) into a TUN interface. Intercepts UDP port 53 โ€” HTTPS and app traffic are not inspected.

Free

Shield Lists

Toggle ads, trackers, and malware. Lists download from HaGeZi, Steven Black, URLhaus, and Phishing Army โ€” cached on device with live counts.

Free

Policy Profiles

Default, Child, Teen, Family, Work, and Travel profiles with adjustable risk threshold. Local reputation scoring blocks suspicious domains.

Free

Allowlist & Deny

Whitelist domains that break and add custom deny rules. Applied before blocklist matching.

Free

Activity Log

Searchable on-device log of recent DNS queries (blocked and allowed). Export as CSV from Privacy Center.

Free

Optional DoH

DNS-over-HTTPS to Cloudflare when enabled. No silent downgrade to plaintext when DoH is on. Default upstream: 1.1.1.1 UDP.

Pro

Per-App Rules

Bypass DNS filtering for one app or force-block all DNS per app โ€” useful for banking apps or strict parental control.

Pro

Schedules & Network Rules

Run protection only during set hours. Filter on Wiโ€‘Fi only or mobile data only.

Pro

Custom Blocklist URL

Point the updater at your own HTTPS hosts-file list instead of the default feeds.

Free

Quick Settings Tile

Toggle protection from the notification shade. Persistent notification with one-tap disconnect.

FREE VS PRO

Start free. Upgrade when you need control.

Free

$0

  • Full DNS firewall
  • Ads / trackers / malware lists
  • All policy profiles
  • Allowlist & custom deny
  • Activity log & stats
  • Optional DoH
  • Quick Settings tile
  • Settings backup (JSON)
Pro

Lifetime

One-time purchase

  • Everything in Free
  • Per-app bypass & block
  • Scheduled protection
  • Wiโ€‘Fi / mobile-only rules
  • Custom HTTPS blocklist URL

Purchased via Google Play Billing. No subscription required.

HOW IT WORKS

From DNS query to block or resolve

01

Capture

System DNS to 1.1.1.1 (or your resolver) is routed into the local TUN โ€” UDP/53 only.

02

Bloom filter

In-memory MurmurHash3 pre-check rejects most domains instantly.

03

SQLite confirm

Room database verifies positives โ€” no false blocks from bloom alone.

04

Policy & rules

Profile, risk score, per-app mode, schedule, and network rules evaluated.

05

Cache or upstream

Allowed queries hit in-session TTL cache or resolve via UDP/DoH upstream.

HONEST LIMITS

What TrustPhone DNS is not

Not a full VPN โ€” does not hide your IP or encrypt all traffic.
Not SafeSearch โ€” does not rewrite Google/Bing results.
Not 100% ad-free โ€” some in-app ads bypass DNS.
Not a parental guarantee โ€” family profiles are best-effort.
Private DNS must be Off โ€” on Samsung/Pixel, disable system Private DNS.
Lists need a download โ€” first install uses a small starter list until you update.

Privacy by design

  • DNS query logs stored in local Room SQLite โ€” never uploaded
  • No HTTPS page inspection โ€” DNS hostnames only
  • Firebase Analytics & Crashlytics off by default
  • Remote Config fetches resolver settings only โ€” no DNS history sent
  • Android cloud backup disabled for app data
  • No account or sign-in required
Read full privacy policy

FAQ

Common questions

Why does the app need VPN permission?

Android only lets apps intercept DNS system-wide through VpnService. TrustPhone DNS routes a single resolver IP into a local tunnel โ€” it does not send your traffic to a remote VPN server.

Will this block YouTube or in-app ads?

It blocks many ad and tracker domains in browsers and some apps. Hardcoded or non-DNS ad delivery may still show. Per-app bypass (Pro) helps with apps that break.

Samsung sites won't load โ€” what do I do?

Go to Settings โ†’ Connections โ†’ More connection settings โ†’ Private DNS โ†’ set to Off. System Private DNS bypasses the app's filter.

Is my data encrypted on the phone?

Query logs use standard app sandbox storage, not SQLCipher. DNS can be encrypted in transit when you enable DoH in Settings.

Get TrustPhone DNS

Version 3.0.1 ยท Android 8.0+ ยท Package com.trustphone.dns

Google Play โ€” Coming Soon Contact support

Set Samsung Private DNS to Off for best compatibility.