Yes, although some cannot, the vulnerability which Checkra1n [1] exploits being an example of such. In this case I consider this to be a good thing since it makes it possible to circumvent vendor-imposed restrictions. I like to be the one who gets to decide what runs on my hardware; I see no need to hand off this responsibility to any vendor, no matter how virtuous they portray themselves (or are portrayed as such by others).
I really don't understand the fawning over Apple Inc. when it comes to their claims of supporting privacy; I trust them no more nor less than I trust other similar companies. I know I can keep my devices ad-free because I am the one who decides what gets to run and what does not, which software gets network access and which does not, what goes through the firewall and what not. I also know what software gets access to which OS features and what does not. Can this veil of security be circumvented by a serious opponent? Sure, there are likely to be bugs in the software and holes in the veil, no more or less than there are such bugs and holes in other systems. I deem the chance of a serious opponent singling out me and my devices as slim, so for now I assume I can use my devices without being mined by the ad-tech industry.
It doesn’t really need to be a serious opponent. If you randomly drop a phone in a cab, chances are, it will end up in the hands of someone running one of these exploits on it.
Doing network security on-device is an antipattern. Doing it at the network layer is easier and more portable. Not only do I block ads on my iPhone, I even run an IDS/IPS on all of the traffic, no exploits or jailbreak required.
Although, if you still prefer to block ads on-device, those solutions also exist for iOS.
> Although, if you still prefer to block ads on-device, those solutions also exist for iOS.
Of course I run content blockers on my devices; this is not 'antipattern' at all. I also run them on the local network into which I, when needed (e.g. when using public Wi-Fi), connect through a VPN (used to be OpenVPN, now using WireGuard).
While Apple is slowly opening up the content blocking possibilities, I have been doing this for about 9 years now, including egress blocking (using a whitelist, only those programs explicitly allowed are able to transmit data). Android being built on top of the Linux kernel made it possible to use most of the existing tools (iptables, etc.) more or less right from the start - which for me was with Android "Donut" (1.6) on an HTC Prophet (which was sold with Windows Mobile).