Is there a way to block iOS outbound traffic on a per-application basis, without jailbreaking the device? This would be useful for preventing data leakage and for limiting spending on mobile data. On Android, apps need permission for network access.
For mobile-data (LTE/etc) yes, you can go into the "Cellular" section in the settings and disable/enable using cellular data for any app.
On wifi, not that I'm aware of.
Out of curiosity, what do you mean they need permissions on Android? Up until the last Android version (Marshmallow), you either gave an app all permissions or didn't install it. To deny network traffic outside of that you basically had to have root access (which is functionally equivalent to jailbreaking).
You're right. I saw a non-root app on Android that provided per-app network permissions, but on second look it's just using a VPN. Thanks for the correction.
They had to ask permission at install though in the old (pre-Marshmallow) system. That system had many issues but you could just choose not to install something that requested internet and didn't need it.
Google have gone the same way as Apple with Marshmallow though and apps can access internet without permission in the new system - INTERNET is a 'normal' permission automatically granted. [0]
The short answer is no, not easily.
A more elaborate solution would be to install a global proxy on the device and route the connection through a server you control, filtering the traffic you don't want to go through. You can use Apple Configurator to configure the global proxy.
Thanks for the suggestion. That would work for whitelisting, but would block random web browsing. Or is there a way for the proxy to associate traffic flows with individual apps, e.g. permit all Safari traffic, block all other traffic that is not whitelisted?
Could a per-app VPN be used to blackhole app-specific network traffic at the VPN server? If so, would this need a third-party MDM solution, or could the native IPSEC client be used?
On wifi, not that I'm aware of.
Out of curiosity, what do you mean they need permissions on Android? Up until the last Android version (Marshmallow), you either gave an app all permissions or didn't install it. To deny network traffic outside of that you basically had to have root access (which is functionally equivalent to jailbreaking).