The other advantage of the ‘tunnel everything’ approach is that you can, if you control the VPN host, run more robust tools for monitoring and filtering what goes in and out.
The situation is a little better than it used to be, but mobile devices are still fairly poor for control of potentially malicious ads and scripts, and (barring certain suitably hacked-over Android ROMs) pretty much useless at observing what various ‘apps’ are up to. And, even to the degree the tools are available, running an entire paranoid-network-edge-device on your phone isn’t exactly easy on RAM or battery life. The VPN host, on the other hand, is perfectly suited to running whatever filtering, logging, and rewrite tools you want running border security.