Owner of jailbroken & firewalled iPhone(s) for many years here.
"Safari" is the app that does the browsing.
"com.apple.Webkit.networking" is the app that works in the background doing things like the icons refresh. Some other applications also use this "channel" (app) to reach out, and I usually have it on "Deny all". I like it better when apps do their own connections and don't hijack the "backroards".
The only two reasons I jailbreak ALL my idevices(s):
a. Firewall IP
b. Protect My Privacy (PMP)
You literally have no idea what goes in the background when you install and run an app if you don't spy on your phone.
The disgusting part is that even my bank's (NatWest) app, as well as LastPass talk to irrelevant companies when I fire them up, with (my) most hated being Facebook (which is of course blacklisted and added on my hosts file).
For my Android devices I always run "NoRootFirewall" which is a pretty good firewall.
Edit: Both FirewallIP (iOS) and NoRootFirewall (Android) have logging mechanisms so you can track what goes in/out and what is rejected. I am really looking forward to a NoRootFirewall-app for iOS. Something that creates an internal VPN allowing you to manage it.
Also on my deny list I seek the following which do not appear in the logs right now: segment.com, fiksu.com, youtube.com, redirector.gvt1.com
Other notes:
1) I never use the LastPass browser.
2) When a service has a "lastpass.com" AND amazon/cloudfront/azure, I prefer the "lastpass.com" over the alternatives/load balancers.
Edit: if you see, these are the logs for only 10 seconds. I know that there are multiple "Denied" since the poor thing keeps trying. It is amazing to see it on many other apps (e.g. games) that talk to apjust, appsflyer, doubleclick, duaps, feeldallapps, glispa, mobileapptracking, segment, startappservice, taprica, app-measuremenet, and HUNDREDS more.
> It is amazing to see it on many other apps (e.g. games) that talk to...
The Business/Product side of the app business considers it really important to gather in-app usage information, and they like to use off-the-shelf third-party services to do it. Depending on the service, the SDK enabling use of the service is not necessarily well-behaved. This is to say nothing of SDKs for advertising.
I got it on all my devices, and I use both passowrd vault and secure notes. I just make sure it behaves as I want it to and doesn't tell facebook when do I use it.
A carefully managed firewall and an extensive hosts file is a must.
FirewallIP is what's kept me on jailbroken iOS since the 3GS, but the lack of updates (or responses from the developer) and annoyance of dealing with jailbreaking is pushing me towards Android where rooting is well supported and can be done while keeping the OS up to date.
The solution I've settling on has been AFWall+ to ensure that only a limited set of apps can talk at all, and Netguard to control where those apps can talk. The interface is not as elegant as FirewallIP, but it does allow an easier ability to interactively allow and block specific destinations without firing up a text editor.
"Safari" is the app that does the browsing.
"com.apple.Webkit.networking" is the app that works in the background doing things like the icons refresh. Some other applications also use this "channel" (app) to reach out, and I usually have it on "Deny all". I like it better when apps do their own connections and don't hijack the "backroards".
The only two reasons I jailbreak ALL my idevices(s):
a. Firewall IP
b. Protect My Privacy (PMP)
You literally have no idea what goes in the background when you install and run an app if you don't spy on your phone.
The disgusting part is that even my bank's (NatWest) app, as well as LastPass talk to irrelevant companies when I fire them up, with (my) most hated being Facebook (which is of course blacklisted and added on my hosts file).
For my Android devices I always run "NoRootFirewall" which is a pretty good firewall.
Edit: Both FirewallIP (iOS) and NoRootFirewall (Android) have logging mechanisms so you can track what goes in/out and what is rejected. I am really looking forward to a NoRootFirewall-app for iOS. Something that creates an internal VPN allowing you to manage it.