Originally Posted by Jeff_i
Is it (technically) possible to add "on-demand" feature ?
Maybe something close to how LBE works ... Yes/No/Don't ask again
Not on a granular, per-app basis, at least right now.
NetGuard for Android works by creating a VPN service at system level. Based on your choices in the allow/deny screen, NetGuard will set up VPN rules for which apps are forced through the "VPN". The "VPN" isn't a real VPN; rather, it just sinkholes the traffic to nowhere.
The limitation here is that when creating these rules, we can only set which applications' traffic enters the VPN. We can't granularly control which requests or hosts they can talk to, on a per-app basis. It would be possible to set "for all apps" a whitelist/blacklist of IP addresses, but this would be quite different, and would likely be less useful as a firewall, and more useful as simply an "ad blocker".
The VPN interface doesn't tell us which app is trying to access the internet though - we need to set it up before-hand. There are ways to tell, but Google (or a careful OEM) could easily block those with SELinux policy updates, and the goal here is to try to get all the functionality we need without any kind of root access.