Seven of the 220 banned apps (Tier 1, including TikTok, Likee, Kwai, UC Browser, FaceU, Hago, and V-Fly) used the Android TelephonyManager.getSimCountryISO() API to read the primary SIM's country code and embed a carrier_region=IN parameter in HTTP requests, enabling server-side identification and blocking of Indian users regardless of source IP or VPN state. A dual-SIM phone with an Indian SIM in the secondary slot only (primary empty or non-Indian) bypassed the check.

For Tier 2 apps (IP geo-blocking only), using a VPN with a foreign endpoint was sufficient to restore access. For Tier 1 apps (SIM + IP geo-blocking), the authors confirmed that (1) removing the Indian SIM card and accessing via WiFi, or (2) intercepting HTTP traffic with a MITM proxy to suppress or rewrite the carrier_region=IN parameter, fully bypassed server-side censorship. The authors note that Indian users primarily rely on mobile Internet, making SIM removal impractical as a user-facing solution.

§4.3, §5 defense

Across four major Indian ISPs (Reliance Jio, Airtel, Vodafone-Idea, and ACT) cumulatively serving more than 95% of Indian clients, the authors found zero network-level interference with 220 banned Chinese apps. DNS resolved to legitimate addresses, TCP and TLS handshakes completed successfully with actual app servers, and responses were served directly by app publishers — not by ISP middleboxes.

§4.2 evaluation

After India imposed a permanent ban in January 2021, seven of the eight previously SIM-only-blocked apps escalated to dual-factor filtering: they continued extracting carrier_region=IN from the SIM card while simultaneously adding IP geo-blocking. Accessing these apps now requires both a VPN (for source IP masking) and SIM removal or carrier_region parameter suppression; MICO Chat remained the sole app using only SIM-based blocking.

§4.3 (Permanent ban subsection), Table 2 evaluation

India's app-filtering architecture is three-tiered: 136/220 apps (Tier 3) are inaccessible only via official app stores and trivially accessible after sideloading; 23 apps (Tier 2) additionally enforce IP geo-blocking; and 7 apps (Tier 1) combine IP geo-blocking with SIM-based locale detection. One outlier, ChessRush, restricted content at CDN edge servers serving Indian users, requiring both a foreign source IP and a foreign CDN edge server (via foreign DNS resolver) to bypass.

§4 (Summary), §4.3 evaluation

IRBlock discovered that 1.7M of 3.3M blocked apex domains (52%) were attributed to blanket suffix-level blocking rules rather than individual domain listings. Examples include regex patterns targeting all Israeli domains (.il TLD), adult content (.porn), and country-coded suffixes (.com.mx, .my.id). Of 87K Tranco-ranked apex domains analyzed, 37% fell into adult content, with entertainment and gambling following. Approximately 1.27M apex domains were jointly censored by both DNS and HTTP filters, while the two filters maintained operationally independent blocklists for a significant fraction of domains.

2025-tai-irblock §5.3 dns-poisoningip-blockingkeyword-filtering

GFWeb tested 1.02 billion domains against the GFW over 20 months and discovered 943,000 pay-level domains blocked by HTTP filters and 55,000 by HTTPS filters — the largest GFW blocklist dataset ever published. The HTTP-to-HTTPS ratio (17:1) confirms that the GFW's HTTPS keyword-based and SNI-based blocking covers far fewer domains than its HTTP host-header blocking, likely because HTTPS blocks carry higher collateral-damage risk.

2024-hoang-gfweb Abstract, §5.1 dpidns-poisoningip-blockingkeyword-filteringsni-blocking

The largest measurement study of Turkmenistan censorship to date tested 15.5 million domains and found more than 122,000 domains censored using separate blocklists for DNS, HTTP, and HTTPS. Reverse-engineering the blocking rules revealed approximately 6,000 over-blocking rules that cause incidental filtering of more than 5.4 million additional domains — a 44x collateral damage ratio relative to intentionally blocked domains.

2023-nourin-measuring §Results dns-poisoningdpikeyword-filteringip-blocking

The COVID-19 Wuhan lockdown caused geolocating Twitter users in China to increase 1.4-fold immediately, remaining 10% above pre-crisis baseline long-term; approximately 320,000 new Chinese users joined Twitter due to the crisis, and the available VPN application's ranking on the Chinese iPhone App Store jumped significantly around 23 January 2020 and maintained that elevated rank.

2022-chang-covid-19 Crisis Increased Censorship Circumvention ip-blockingdns-poisoningkeyword-filtering

In countries with no Great Firewall-equivalent censorship (Germany, Italy) and in less-censored authoritarian states (Iran — Persian Wikipedia; Russia — Russian Wikipedia) that experienced comparable COVID-19 outbreaks, no analogous spillover to politically sensitive content was observed; Wikipedia engagement in those countries increased generally but did not show disproportionate access to historically censored topics, confirming the gateway effect is specific to high-censorship environments.

2022-chang-covid-19 Comparison with Other Countries Affected by the Crisis / Table 1 ip-blockingdns-poisoningkeyword-filtering

Once mainland China users circumvented the Great Firewall during COVID-19, they disproportionately followed politically sensitive accounts: international news agencies at 1.31x the expected rate, Chinese citizen journalists at 1.42x, and political activists at 1.23x — all relative to Hong Kong users as a control — while state media accounts saw only a 1.06x increase and entertainment accounts a 0.85x decrease, confirming a selective gateway to censored political content.

2022-chang-covid-19 Crisis Provided a Gateway to Censored Political Information / Types of Twitter accounts ip-blockingkeyword-filtering