It has become common practice for PC and mobile operating systems to assume that Wi-Fi connectivity means unlimited data volume; it is pretty much seen as an invitation to download hundreds of megabytes of software updates. This wreaks havoc on many people's volume caps when they offer tethered Internet access from one of their mobile devices to other devices while on the road. This really makes me wonder why Google or Apple haven't yet done anything about this on their mobile devices!?
Yes, I know, Windows, for example, has an option to declare a connection as "metered", which in turn is supposed to prevent the download of huge software updates. I am pretty sure, however, that 99.999% of users have no idea how to set the option or that it even exists. So I don't think a 'self' controlled download ban on updates would ever work in practice; the process has to be prevented on the device that offers the metered Internet connection to other devices. But how?
Blocking the IP addresses of update servers doesn't make a lot of sense as they probably change all the time. But one could return the local loopback address when tethered devices make DNS lookups for well-known update server domain names. On rooted Android devices, putting such a list in place wouldn't be much trouble; I've done it before to reduce ads in web pages. I had a bit of a look around but couldn't find any update server lists that span all operating systems. Microsoft maintains a list of their update server domain names here (for the reverse purpose…), but others are more difficult to find.
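To make the DNS sinkhole idea concrete, here is an added example (not code from the post, and not any vendor's tooling) of the matching logic such a feature would need: it loads a hosts-style list of update server names, answers lookups for those names and their subdomains with the loopback address, passes everything else to an upstream resolver, and renders the equivalent /etc/hosts lines for a rooted device. The domain names in it are constructed placeholders, not a real list of update servers; the `upstream` callable stands in for whatever resolver the tethering device normally uses.

```python
"""Hosts-file style sinkhole for update-server DNS names.

Added example for the post's suggestion of answering lookups for known
update servers with 127.0.0.1 on the tethering device. The domain list is
constructed for illustration and is NOT an authoritative vendor list.
"""
import ipaddress
from typing import Callable, Iterable, List

SINKHOLE_ADDR = "127.0.0.1"

# Constructed sample list in the hosts-file format the post describes.
# Real lists (e.g. Microsoft's published update server names) would go here.
SAMPLE_LIST = """\
# update-server sinkhole list (constructed sample)
127.0.0.1 update.vendor-a.example
0.0.0.0   swcdn.vendor-b.example cdn.vendor-b.example   # two names on one line
dl.vendor-c.example            # bare name, no address column
"""


def normalize(name: str) -> str:
    """Lower-case a DNS name and strip the trailing root dot so that
    'Update.Vendor-A.example.' matches 'update.vendor-a.example'."""
    return name.strip().rstrip(".").lower()


def load_blocklist(text: str) -> List[str]:
    """Parse a hosts-style or one-name-per-line list.

    Comments and blank lines are ignored. If the first token is an IP
    address it is the sinkhole target and is skipped; every remaining
    token is a domain name. Duplicates are removed, order is preserved."""
    names: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            ipaddress.ip_address(tokens[0])
            tokens = tokens[1:]
        except ValueError:
            pass  # no address column; all tokens are names
        for tok in tokens:
            n = normalize(tok)
            if n and n not in names:
                names.append(n)
    return names


def is_update_server(name: str, blocklist: Iterable[str]) -> bool:
    """True if name equals a listed domain or is a subdomain of one."""
    n = normalize(name)
    for d in blocklist:
        d = normalize(d)
        if n == d or n.endswith("." + d):
            return True
    return False


def resolve(name: str, upstream: Callable[[str], str],
            blocklist: Iterable[str]) -> str:
    """Answer with loopback for update servers, otherwise ask upstream."""
    if is_update_server(name, blocklist):
        return SINKHOLE_ADDR
    return upstream(normalize(name))


def render_hosts(blocklist: Iterable[str]) -> str:
    """Render /etc/hosts lines for a rooted device. A hosts file matches
    exact names only, so subdomains must be listed explicitly there;
    the subdomain matching above needs a real resolver hook."""
    lines = ["# update-server sinkhole (generated)"]
    for d in sorted({normalize(x) for x in blocklist}):
        lines.append(f"{SINKHOLE_ADDR} {d}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    block = load_blocklist(SAMPLE_LIST)
    fake_upstream = lambda n: "203.0.113.10"  # constructed stand-in resolver
    for q in ("Update.Vendor-A.example.", "cache.dl.vendor-c.example",
              "www.vendor-c.example"):
        print(f"{q:30} -> {resolve(q, fake_upstream, block)}")
    print(render_hosts(block), end="")
```

Two caveats a practitioner would want: the sinkhole only catches clients that actually use the tethering device's resolver (a client with a hard-coded or encrypted DNS setting goes straight past it), and a loopback answer makes the updater fail its connection rather than politely defer, which is one more reason the feature should be opt-in as the post suggests.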
So I really wonder why neither Apple nor Google has a feature that blocks DNS lookups for update servers. It could even be an optional feature that is off by default, so nobody could blame them for actively sabotaging overall security. And while they are at it, the feature should of course occasionally update the list on its own.
The carriers themselves should “white list” traffic for device/OS updates so that it doesn’t get counted against usage. I know some US carriers do this already using the DNS Snooping feature of the Cisco EPC. The DNS Snooping feature of ECS tracks the IP addresses associated with domain names during resolution and rules are created to “white list” that traffic. This means you don’t have to track individual IP addresses, just the host names associated with the update servers. It is still a process to maintain that list though.