Recently I was being super anxiety about a law approved by the government. This law requires all Android and iOS apps must be approved by the authority before app store, ISP and vendor can distribute, provide internet and include it.

The law is so vague that I assume the worst case is that the vendors have to set a whitelist of package id and/or signature for which app can be granted internet access. Considering the bootloader lock cannot be unlocked (thus no root privilege) and no side-load is allowed (in China, vendors use custom installers that can disabled side-load), I think that will be the worst cast for those who seeking a free internet. It will be much more efficient than the GFW, which works on the transportation layer.

Also, I heard that in some areas, GFW is testing SNI whitelist. If your TLS session's target is not in the whitelist, GFW will cut off your TLS handshake. Not sure about the IP whitelist though. But considering the fact that all domains must be approved by the authority before you can host a website in China, a nation-wide SNI whitelist is not impractical.

I feel hopeless in this country, yet I have families here, and I can't leave.