Hello. I’m planning to write a little research article about /e/OS’s privacy. I’ve analyzed traffic, generated by /e/OS and found some interesting requests to unknown hosts:
DNS-name
IP-address
Protocol
Data
cloud(.)blazing(.)de
85.220.190.246
QUIC
Protected payload
app(.)goo(.)gl
142.250.185.142
TLS
Protected payload
path2(.)xtracloud(.)net
54.70.12.181
TLS
Protected payload
xtratime(.)xboxprod(.)xtracloud(.)net
35.91.218.188
QUIC
Protected payload
This connections aren’t appear, when I add my custom CA to system. All another connections decrypted and seems to be valid.
I’ve read docs about /e/OS connections described here:
But there are no any information about described connections. Please, give me any information about sending data to this domains and why it happens. Thank you.
Pl raise an issue with these details in Gitlab. Some calls were detected and removed earlier. With an issue, the developers can contact you for additional details regarding these calls.
is correct, it is the GPS service with UID 1021. hope the developer team can work with it.
Unfortunately you can’t find it in e/os under system apps!
and since it is a system service, deactivation of GPS in my opinion will not lead to success.
Perhaps my post was too cryptic. I think and apparently confirmed further up the thread …
… A-GPS causes the leak. Pure GPS should not leak … but are you suggesting pure GPS fails on this device? Network location is alternatively important to provide a “quicker start” for some GPS jobs / apps.
On previous devices and previous Android versions (Q+R) A-GPS was off by default, I seem to remember. But users tended to complain that GPS did not work.
“Remember GPS” in microG > location stores data on device and also helps GPS to become productive quicker. Many devices should work without A-GPS, imo.
Ofc I am only talking of a small part of the issues raised in Post #10
It is absolutly not a bug. Possible the “bug” is that it possibly should have been disclosed.
However, the device is a smartphone, data absolutly will be transferred in and out to external systems, on the public internet. It is it’s whole job. You can’t stop it and still claim to have a useful device.
As it says at the end of the article I linked to
“If your life depends on not being tracked through your phone, don’t use a phone.”
It probably dependa on how long the already-downloaded a-gnss almanac is valid for, and if you’re using othe methods of location determination. Having done some gps work on the pinephone it can take 15 mins to get a location reading when trying to gather information from the sattelites alone.
I also don’t know if your phone supports the other gnss constalations. They have their own almanacs I think.