Accessing mitmproxy over the Internet (HTTP Digest Authentication?)

I use mitmproxy to run userscripts on my phone (Android) and tablet (iOS). When I’m on my own Wi-Fi, I’ve simply configured proxy settings right on the clients, and it works like a charm.

However, I also want to be able to access the proxy when I’m not home, but I absolutely don’t want it open to the Internet, for obvious reasons. My current solution is to connect to mitmproxy through a VPN tunnel, but that has its problems:

• OpenVPN can’t push proxy settings to Android clients, so I have to route all traffic from my phone at the network layer; hence, I have to run mitmproxy in transparent mode. This means mitmproxy can’t filter traffic properly in general, so some apps are blocked (due to certificate pinning, I think).
• Setup becomes much more complex overall (VPN server, routing, Android VPN toggle tile etc).
• Consumes more battery on the device.
• I have to toggle VPN on and off all the time.

Instead, I would like to be able to set example.com:8080 as HTTP proxy in the Android/iOS settings, even when I’m not home. Granted I’d have to do it for every Wi-Fi where I want access to my proxy (and I’d still have to use VPN when not on Wi-Fi), but that would nevertheless be a pretty big upgrade over my current setup.

As previously mentioned, this would of course only be viable if I could protect the proxy with strong authentication. But as far as I can tell, only HTTP Basic Authentication is supported. Correct me if I’m wrong, but that’s so insecure that I might as well not have any authentication at all, right?

If I’m just missing some vital piece of information, please feel free to point me in the right direction. Otherwise, maybe it would be possible to implement HTTP Digest Authentication support? Or would there be any other way of securely accessing mitmproxy over the Internet?