If you don't want to root your device and don't want to tunnel all your traffic to a VPN server (adds latency) , you can use one of the Android "NoRoot" firewalls that routes app traffic through a local VPN for inspection and filtering. This uses more CPU and battery, but all protection is done within your mobile device. It takes a lot of manual effort to build a policy that blocks undesirable traffic and still lets apps work.
You can tunnel your traffic to a commercial VPN provider, but now you are trusting them to maintain performance and not invade your privacy, and they won't have any visibility to the contents of traffic that is inside SSL/TLS encryption, for better or for worse (e.g. cannot inspect Android apps downloaded as APKs from SSL websites).
Better yet, you can root the device and add your own Certificate Authority and firewall settings. Now you can use your own VPN to ensure all traffic from all applications goes to a remote VPN headend for inspection/modification, even traffic the device thinks is encrypted with SSL. If you have many users going through the same VPN, you can do things with packets and headers to make it difficult for CDNs and ad networks to identify individual users who are all behind the same gateway.
If you have more time than money, you can build up a VPN headend with open source tools (e.g. Squid+SSLbump)., and write policy to block traffic that doesn't meet your security policy, and to log what your device tries to send. You can use header modification to strip out identifying information and cookies.
If you are a business or otherwise have more money than time, the expensive approach is to use a commercial firewall appliance that has a client VPN and URL filtering service (e.g. Checkpoint, Palo Alto, Juniper, F5, etc). You set up the VPN to send all your mobile device traffic through the firewall, and use firewall policy to decrypt SSL, inspect APKs, and block ads. This solution is very effective at blocking ads and undesirable network traffic, and can often detect or block malicious APKs and other attacks.