AdGuard v3.6.11 for Android: significant changes in CoreLibs and DNSLibs

We know you've been waiting for this and are literally starving for AdGuard for Android updates. So without further ado we introduce you to its fresh release – straight out of the oven.

The most impressive changes were made in our core filtering engine – CoreLibs and DnsLibs – and we’ll talk about them in detail below. As for the rest, we’ve worked to enhance content filtering and made a bunch of minor changes to improve the app performance.

A significantly updated version of DnsLibs – the DNS filtering library – now consumes less resources and runs faster. The DNS-over-QUIC protocol implementation now supports the RFC 9250 standard, and the experimental status was removed from the DoQ support.

First step to Encrypted ClientHello support

But what’s more exciting is that with the DnsLibs v2.0.75 release we’ve made a first step to Encrypted ClientHello support.

What is Encrypted ClientHello? Nowadays, almost every internet connection is encrypted and no one can see what's inside it. However, there is still one little issue: the very first connection packet, which specifies the name of the server you connect to, remains unencrypted.

Say you want to open www.google.com, your ISP cannot see what exactly you send and receive from it, but they know what website you are communicating with. ECH (Encrypted ClientHello) is a new technology that is supposed to solve this issue and encrypt that last bit of unencrypted information.

And the first step toward supporting this technology is... its suppression!
To start suppressing Encrypted ClientHello switch on both pref.dns.block.ech and pref.https.redirect.doh flags in Settings → Advanced → Low-level Settings.

But fret not: we just want all your apps benefit from ECH, not just your browser. To accomplish this, AdGuard needs to make your apps establish normal HTTPS connections with it, and then it will establish an ECH-enabled connection on their behalf. This experimental feature is planned for the next update, so stay tuned.

DNS-over-HTTPS filtering

With the CoreLibs update to v1.10.186 DNS-over-HTTPS filtering has become possible. We’ve implemented this experimental feature to prevent Chrome and Firefox DNS requests from circumventing DNS filtering by using a DNS-over-HTTPS server. Now AdGuard can automatically filter DNS-over-HTTPS as well.

DNS-over-HTTPS filtering can be enabled in Settings → Advanced → Low-level Settings, its name is pref.https.redirect.doh. In the future versions we're planning to enable it by default.

Improved content filtering

The core filtering engine update has also provided many useful benefits to filter maintainers. For instance, we’ve implemented a new $jsonprune basic rule modifier that allows advanced filtering for JSON responses. We’ve also added a new $hls basic rule modifier that will help with preventing video ads providing advanced filtering capabilities for modifying HTTP live streaming files.

We've told you about the major changes that hit the AdGuard v3.6.11 for Android release. But if you want to check out the full changelog, follow this link to GitHub. Hope you’ll enjoy the new version!