I got a new Hisense A5 phone (pretty interesting, it has an eInk screen), but it has a lot of extra apps that seem to track and phone home, contacting to qq, taobao or baidu domains.

I disabled a bunch of them, but I still saw some connections, so I decided to kill two birds with one stone, and set fixed DNS servers to NextDNS and filter all tracking and unwanted domains.

Since Android 9 you can set a global "Private DNS" (DNS-over-TLS) to force DNS requests to go there, but I've found Hisense removed that option from their ROM (that seems to be called Vision). I don't know if I should be paranoid and think about China government intervention, or it's just the company trying to force you into their tracking and ads, but I wanted to change that option.

But seems that, although that option is not visible, it's still in the underlying Android system, so you can set it up with adb, even without root.

To do that, first get your phone ready to use adb:

1. Enable developer mode (Normally you would click several times in "Kernel Version" in your "About phone" section in settings)

2. Enable USB debug in your phone (In a newly activated "Developer options" menu around your settings)

3. Connect to your computer through a usb cable

4. Install adb, i.e. with the Debian package of the same name ;)

5. Run adb devices to verify you can connect to your device, and check your phone for confirmation dialogs

Now, to set the dns, for example, with Cloudflare's DNS over TLS, run this two commands:

adb shell settings put global private_dns_mode hostname
adb shell settings put global private_dns_specifier cloudflare-dns.com

To disable:

adb shell settings put global private_dns_mode off

In my case, I use NextDNS with a custom configuration, and instead of cloudflare-dns.com I use something like xxxxx.dns.nextdns.io.