So i am installing GrapheneOS rn and i need help:
- i want app tracking protection to every app something like duckduckgo’s app tracking protection if there is something better?!
- someone explain me (with simple words) what is auditor cause i can’t understand even if i read about it on GrapheneOS’ website (i am like 50% noob with these things)
- is my wifi masked automatically with GrapheneOS or should i 100% use a vpn? is there a setting in the OS somewhere? i need a lot of privacy and security to my phone!!!
also tell me additional tips for privacy/security for GrapheneOS if u have any!
thanks a lot!
This “app tracking protection” is just a DNS filter. You can achieve the same by setting a filtered DNS resolver like base.dns.mullvad.net in the Private DNS options.
Auditor just verifies that your installation of GrapheneOS is real and unmodified, meaning it hasn’t been tampered with by an attacker or corrupted in any other way.
I would recommend using a VPN. That’s also why I prefer the DNS filter over something like app tracking protection, since it doesn’t occupy your VPN slot. GrapheneOS only improves the actual Wi-Fi connection privacy (by randomizing your Wi-Fi MAC address), but it has nothing to do with the data transmission over the Wi-Fi network. That’s what you need a VPN for. You can check out this comment about the Pros and Cons of VPNs, as well as the criteria for picking a good and trustworthy VPN provider: https://lemmy.dbzer0.com/comment/15631872 Here’s some more advice about VPNs: https://www.privacyguides.org/en/vpn/
Idk if good idea, and this needs root: try to change the etc/hosts, you can find some online.
The only con is it needs to be updated manually and requires root
You can use AdAway to do it automatically for you
Tracking protection on every app is best done via custom DNS. Since you successfully installed GrapheneOS, you can probably follow instructions well enough to set up a few DNS servers.
Personally, I have a few adguard -> unbound (unbound set as a recursive resolver) and then adguard set up with block lists at varying levels of strictness.
- A very lax instance for my router so as not to break the internet for anyone on my WiFi.
- A few set up strict for my devices (phone, TV etc). Personally I keep the TV on a different instance as it’s super chatty and I don’t want it muddying up my stats for other devices
- I have a separate one that services my IoT devices
If you don’t feel like setting up adguard/unbound you could use nextdns or adguard hosted, but local control gives you the most configurability and privacy, depending on your threat model.
Edit: unsure why I’m being downvoted. All duckduckgo is is an app that acts as a VPN and blocks traffic to trackers. Why use their blocker when you can use your own, and have it for all of your devices, not just your phone?
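How the two blocking approaches mentioned in this thread differ in what they match, as an added example that is not part of any comment above. The blocklists are constructed samples using reserved `.example` names; the two list formats shown are the common hosts format and AdGuard-style `||domain^` DNS rules.

```python
# Added illustration: constructed blocklists, reserved .example domains only.
HOSTS_LIST = """\
# hosts-format blocklist (constructed sample)
0.0.0.0 tracker.example
0.0.0.0 ads.cdn.example   # trailing comment
127.0.0.1 localhost
"""

ADGUARD_LIST = """\
! AdGuard-style DNS rules (constructed sample)
||tracker.example^
||metrics.vendor.example^
"""

def parse_hosts(text):
    """Names a hosts-format list sinkholes. Each entry is an exact name."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(n.lower() for n in fields[1:] if n != "localhost")
    return blocked

def parse_adguard(text):
    """Domains from ||domain^ rules. Each rule also covers all subdomains."""
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("||") and line.endswith("^"):
            rules.add(line[2:-1].lower())
    return rules

def hosts_blocks(name, blocked):
    return name.lower().rstrip(".") in blocked

def adguard_blocks(name, rules):
    labels = name.lower().rstrip(".").split(".")
    # Check the queried name itself and every parent domain.
    return any(".".join(labels[i:]) in rules for i in range(len(labels)))

def compare(names):
    hosts, rules = parse_hosts(HOSTS_LIST), parse_adguard(ADGUARD_LIST)
    return {n: (hosts_blocks(n, hosts), adguard_blocks(n, rules)) for n in names}

if __name__ == "__main__":
    sample = ["tracker.example", "eu.tracker.example", "ads.cdn.example", "news.example"]
    for name, (h, a) in compare(sample).items():
        print(f"{name:22} hosts={h!s:5} dns-filter={a}")
```

The `eu.tracker.example` row is the practical difference: a hosts entry for `tracker.example` does not cover its subdomains, while a `||tracker.example^` rule on a filtering resolver does.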
I’ve been using Graphene for a while. Here are some things i’ve changed and found useful:
I really like the storage scopes feature. Whenever an app requests access to storage/contacts, i set up scopes for it. This feature alone makes me never want to leave Graphene.
I also really like the random MAC address feature. Whenever i connect to wi-fi, my MAC address gets randomized to appear as a different device, (except on my LAN, otherwise, my router would be flooded with different devices that in reality, are the same).
Multiple profiles is also a nice feature. I’ve used them before, but now i just use everything under the root profile, even Google services. Since they run in a sandbox, i’m ok with it. This is probably something you want to avoid if your threat model requires you to, but i have found that for banking apps, it was a major drawback for me, that i had to switch profiles every time i wanted to access them. And even worse, if i wanted to send documents over e-mail, since my e-mail was on my non-Google profile, it was very annoying, so, i simply went with everything under root.
The on/off toggle for camera & microphone is also really nice. I use it all the time.
I’ve also set a 1 min timer to disable my wi-fi when i have no active connection, (e.g when i leave my house).
I’ve changed my DNS to a more private one, (currently using family.dns.mullvad.net).
On settings, if you go to NFC, you have an option to request device unlock to use NFC. I’ve set this to on, despite having NFC off all the time.
I’ve found this video very useful when i installed Graphene.
The answer to your question can be found on minute 07:00.
Best tip i can give you is this…
https://discuss.grapheneos.org/
Make an account there and find all your answers. The community is VERY knowledgeable. Good luck