I think this is a great idea. I wouldn't have guessed this would be possible, so I looked into how it'd actually be implemented.
I guess this is done on the device as a VPN via Apple's NetworkExtension config. But instead of a normal VPN where traffic goes through a server, the app just locally applies rules based on the app the packet came from and then routes them normally to their destination.
That is correct! There is no annotation of which apps a packet comes from, so VineWall also runs a DNS proxy locally and uses the domain to infer the app.