On Android, you have the option to integrate DNS system-wide and combine it with a great firewall like NetGuard or AdGuard. This is for non-rooted devices, but you would have even better options for rooted devices. However, from a security perspective, I actually don't recommend rooting your device. So let's stick with non-rooted.
This setup always worked for me, and both apps let you block Wi-Fi and mobile-data access for each individual application on Android. That makes it pretty safe and, if set up correctly, even blocks Google from tracking you. With ADB commands, you can even remove/uninstall apps for the main user on most mobile phones, including Samsung, Huawei etc.
Now why would I have said "worked for me"? And why don't I mention Blockada as a recommendation?
I think the best way to explain about Blockada is what was written by RethinkDNS.
Say hello to a safer Internet. Block malware, spyware, ads, and trackers across all apps with RethinkDNS. Servers in 200+ locations: Experience Blazing fast speeds
It's hard to find and fall in love with a DNS service, let alone an app that offers an easy DNS setup. RethinkDNS does that and so much more. For example, you can enable a bunch of blocklists with a single click and use them with the RethinkDNS setup, or you can download the lists from within the app, host them on the device itself, and block on your phone while using a different DNS.
Additionally, RethinkDNS has a firewall, which is able to block all apps, including system apps, and has a great log file to watch what is happening. But unlike other non-root firewalls, RethinkDNS lets you also block IP addresses. It lets you choose to not just block an IP or site via a single app, but system-wide.
If that is not impressive enough, maybe you'll like the next part even more. RethinkDNS has a one-click Tor-as-a-proxy (Orbot) setup and lets you route all the traffic you allow via Tor. This makes it a mighty tool when it comes to privacy.
RethinkDNS announced WireGuard integration in one of its recent updates. This means you do not lose your VPN slot to DNS, but actually have a firewall, DNS and WireGuard/Tor setup in one application.
Self-described as
“an OpenSnitch-inspired firewall and network monitor + a pi-hole-inspired DNS over HTTPS client with blocklists”,
RethinkDNS is truly a one-app privacy powerhouse.
I am a strong believer in DNS providers who block malware, ads and other spy agencies, but RethinkDNS brings all of this to a new level.
So far RethinkDNS is only available on Android, but they are planning for iOS as well. Developments like this excite me, and you can see the power of FOSS in a setup like RethinkDNS.
If you own an Android smartphone, RethinkDNS is second to none when it comes to protecting your data, securing your HTTPS encryption and even blocking connections to your camera, gallery, calculator and other applications which have no need to have access to the internet.