Planning (not yet successful) to avoid being monitored by the H K “Le@ve_H0me_$afe” app

Background

The H K gov is planning to have everyone use an app, “Le@ve_H0me_$afe” (the spelling is an attempt to fool search engines; hopefully it works for now), in the name of tracking COVID spread.

What I want to do

Given that I have my own VPN server, it might work IF I can:

  1. identify the traffic the app requests
  2. block, at the VPN server, the traffic I don’t like

The app is on a device that always connects to the VPN server.

As I am using iOS, I can only trust the network configuration to send all traffic through the VPN.

Identify the traffic it requested

The first tool I considered was Postman Proxy, but I had NO LUCK getting it to work.

Example of intercepted traffic

Side discovery — Outline client VPN profile and HTTP proxy settings in iOS

I discovered that connecting to the Outline client VPN disregards the HTTP proxy settings in iOS. That implies that if I want the traffic to go through the VPN while discovering what traffic the apps are trying to make, I have to stop the VPN on the mobile device and enable the Outline VPN on the PC where Fiddler is installed (by default Fiddler respects the system proxy, which is the Outline VPN).

Block the traffic I don’t like at the VPN server (not yet successful)

This is the unresolved part. As I am not an expert in security, even though Outline is completely open source, I am not considering tampering with it. There is a feature request: https://github.com/Jigsaw-Code/outline-client/issues/887 (which was initiated from: https://github.com/Jigsaw-Code/outline-client/issues/8)

Conclusion

Um… the most important step is not resolved yet. To be continued…