Even if the mod works for a day, Google Play Protect (which runs automatically on modern Androids) will eventually flag the app as "Harmful." It will either quarantine the app or delete it, resetting all your work.

Going forward, carriers are moving toward and network slicing , where hotspot data is assigned a separate, un-hideable network slice. This means hardware-level enforcement that no software mod can bypass.

If your built-in settings are locked, several reputable apps on the Google Play Store

Carriers use to detect tethering. They look for changes in Time-to-Live (TTL) values on packets. When you tether, the TTL changes by one hop. Even "hidden" tethering mods leak this signature. Modern carrier networks are very good at finding it.