Yes it is its fonction…
If you start App Lounge the first time there is a question how you want to access Google.
On my phone clients3.google.c o m is contacted when starting & using App Lounge, don’t use it ;- )
i never started App Lounge. Like you can see in my previous screenshot.
@Manoj why are you hiding my Thread and Posts with the reason: “Your post was flagged as spam: the community feels it is an advertisement, something that is overly promotional in nature instead of being useful or relevant to the topic as expected.”
Thats clearly not spam. Its a fact wich anybody can check self!
The system flags posts by new users which contain links. This automated process works in most cases, as we get a lot of spammers. At times, genuine user posts also get wrongly flagged. I have unhidden your post, and it should be visible now.
The Phone is since 2 days unused on the table (still stock, dont installed any app, dont used any app (only contacts)), and still tries to connect to google, now few more domains showed up:
And bcmls2.glpals.co_m is continiously blocked too. DNS Lookup from this domain:
Seems to be from Amazon. Why? The same for gllto.glpals.co_m.
Sadly, until now im disappointed from /e/. For that that /e/ says it is totaly privacy safe, and dont make any connection to other services, it already tried 79 times to connect to these services from google and amazon (log from pihole).
Coming back to this thought …
… as well as seeing this …
… Could you perhaps use the toggles pointed out in the GitLab issue, or uninstall the App Lounge (package name is foundation.e.apps) this way, and have a look whether this changes anything?
Like said, i never touched and started “app lounge”. Not single time.
As you can see in privious posts from me, i blocked like suggested microg and app lounge from internet too. But this didnt seem to help/be the issue.
Sure, i could remove with adb or root all these apps. “App Lounge”, MicroG, etc. But what happens if a update comes over ota? Get this all restored again? Or breaks the updateprocess? Or what happens?
But anyway, this all is only fighting against symptoms. The real issue is, that the devs/founder of /e/ makes statements about /e/ how it safes privacy etc and that /e/ dont make any connection to third party services, wich is in fact not true. its a big lie.
No, as you can see in the linked topic.
The App in question gets deactivated for the current user and isn’t available anymore. Which could then perhaps hint at the App in question being the source of the issue, if the troublesome connections would stop appearing.
Of course . If the App Lounge is causing this on your phone, it would be an acknowledged issue as you can see, which has to be fixed and naturally would better not have seen the light of day to start with.
But nothing can be discussed anymore without everything being a huge conspiracy and a total outrage. Just tiring.
supl should be A-GPS. This could get interesting, too.
This seems to be from microg too.
Could i remove it completly? So it is NOT possible to restore it again (by me or system or who ever). Dont found a option in the manual of adb until now.
Edit: “Removed” or to be right, deactivated anything i could find. “App Lounge”, microg (4 different apps), mozilla, magic earth, nominatim.
But everything is still on the phone. The only difference is, that the system say they deactivated.
beyond1lte:/ $ pm uninstall --user 0 org.microg.nlp.backend.nominatim
beyond1lte:/ $ pm uninstall --user 0 org.microg.nlp.backend.ichnaea
beyond1lte:/ $ pm uninstall --user 0 com.google.android.gsf
beyond1lte:/ $ pm uninstall --user 0 com.google.android.gms
beyond1lte:/ $ pm uninstall --user 0 com.google.android.gms.droidguard
Failure [not installed for 0]
1|beyond1lte:/ $ pm uninstall --user 0 org.microg.gms.droidguard
beyond1lte:/ $ pm uninstall --user 0 com.generalmagic.magicearth
beyond1lte:/ $ pm uninstall --user 0 com.android.vending
beyond1lte:/ $ pm uninstall --user 0 com.reecedunn.espeak
beyond1lte:/ $ pm uninstall --user 0 foundation.e.apps
Failure [not installed for 0]
1|beyond1lte:/ $ [user@titan ~]$
They all still on the device installed.
After a reboot, still makes connection to google and amazon:
In the UI ->settings ->system ->advanced ->microG
switching OFF have to be done in the right order : start from the bottom to the top
Yeah that wasnt possible. Maybe because of a Bug? Because the “On/Off Slider” dont do anything and stands on “on”. Not matter how hard/precise you decide to touch it.
Anyway, like @AnotherElk suggested, i disabled now App Lounge, Microg, and anything else what have to do with it (still researching how to remove it completly instead of deactivating).
About “supl.google.co_m” i found this german blog: Android: IMSI-Leaking bei GPS-Positionsbestimmung ⋆ Kuketz IT-Security Blog
This seems to fix that. Must find out how to edit it with adb as root, because su is not available.
Than i must find out, what on the phone makes a connection to gllto.glpals.co_m.
Edit: Found one place where gllto.glpals.co_m is written:
beyond1lte:/ $ cat /vendor/etc/gnss/gps.xml<?xml version="1.0" encoding="utf-8"?> <hal PortName="lhd" NvStorageDir="/data/vendor/gps/"
LogDirectory="/storage/emulated/0/gps/broadcom/storage" WakeLock="geo" LPmode="false" CpColdStart="false" CpGuardTimeSec="1" CpLppGuardTimeSec="1" CpLppeProvideHighAcc3DPosOnComIECap="true" ReAidingOnHotStart="false" SuplSslMethod="SSLv23_NO_TLSv1_2" SuplEnable="true" SuplUseApn="false" SuplTlsCertPath="/vendor/etc/gnss/gps.cer" SuplTlsCertDirPath="/system/etc/security/cacerts" SuplUT1Seconds="20" SuplUT2Seconds="20" SuplUT3Seconds="20" TcpConnectionTimeout="20" SuplLppCapable="false" LbsEnable="true" LbsServer="BCMLS2.glpals.com" RtiConfig="gllto.glpals.com:80/rtistatus3.dat" HttpSyncLto="true" LbsCellEnable="false" LtoDir="/data/vendor/gps/" LtoSyncThresholdDays="1" IgnoreJniTime="true" AssertEnabled="false" IgnoreFwConfig="false" DisablePglorNmeaCallback="true" GnssYearOfHardware="2016" WakelockAlertSec="1800" EventDumpEnable="true" AttributionAppPkgName="com.sec.location.nfwlocationprivacy"
LogFacMask=“LOG_GLLIO | LOG_GLLAPI | LOG_NMEA | LOG_RAWDATA”
Edit: found supl.google.com. Replaced it in every file with “localhost”. Restarted Smartphone, and now only the two amazon services/domains left.
BCMLS2.glpals.co_m and gllto.glpals.co_m
Changing both now too, and then i report again.
(just for some who curious how i found the domains: on /e/ is luckely grep installed. So grep -rnw / -e supl.google.co_m for example shows every file where this domain is set)
is BCM related to wifi portal ?
It seems not. My Research showed that this, or to be pricise the domain bcmls2.glpals.co_m and gllto.glpals.co_m are domains wich the owner is “PERFECT PRIVACY, LLC”. And that, what they want to host, they host it on amazon aws (wich i cant use, because i block everything wich comes from amazon for example like already mentioned). https://www.whois.co_m/whois/glpals.com
The Domains have something to do with (A-)GPS. Replaced any domain with “localhost”.
If you really believe that /e/OS developer are lying to you, I suggest you raise these queries as part of a bug on Gitlab and take this up with the developers. The dev team will not be coming on this forum to discuss this issue, whereas on the GitLab they can be assigned issues, and we can track it to closure.
supl.google.com is default in AOSP, however will likely be overridden by your SIM/carrier.
It can also be overridden on demand during an emergency call, in order to give the operator your location.
AOSP by default sends along your IMEI/phone number to the SUPL for access control reasons.
In A-GPS MSA mode the SUPL will also calculate your location on your behalf.
glpals is just read-only almanac data for GPS.
There are few replacements for either of these.
This notably downloads and executes proprietary code from Google for SafetyNet.
It is not default enabled in vanilla microG, I hope /e/ didn’t change that.
So even using /e/ Goolag has my IMEI/phone number and possibly location through A-gps?
I had opened a bug for the A-GPS topic one year ago. I think any suggestions or help regarding the A-GPS problem can be added there: GPS daemon tries to access googleapis.com (#2481) · Issues · e / Backlog · GitLab
When can we expect a solution? This is from one year ago… Is this serious? Google tracks location?
@Diana: On one hand it would be interesting why there is no solution yet. So to speak get an update on this matter. On the other hand v1.0 will be released next and officially we are still in beta phase of this product of a non profit organisation. Even with v1.0 we could expect that not all issues are solved. Even big players have a lot of open issues with a v1.0. At this point I would recommend to donate some little amount of money via Patreon. So we could speed up development of this project. I am for myself as ordinary customer/community member do a monthly donation because I know how much money it needs to develop and keep software up-to-date. I think with the size of their team they do extraordinary work. And I hope they do not overstretch their personal capacities. And for the difficulties of this issue please read the conversation on the bug.
By the way - the A-GPS server responding to the requests of the mobile phone depends on the provider of the customized Android software. I think it could be also a Vodafone server for example. And it seems this is hard coded into a special firmware which is separate from the general Android software and closely related to the GPS hardware. The software parts all open Android projects take over from the original phone.
The most shocking part for me is that an unique ID can be sent with it. But it depends on the provider.
supl.vodafone.com IS Google:
host supl.vodafone.com supl.vodafone.com is an alias for supl.google.com. supl.google.com has address 188.8.131.52 supl.google.com has IPv6 address 2607:f8b0:4023:1009::c0
And the code for sending IMSI is open-source and right here!
I brought it up here back in August of 2021: DivestOS vs. /e/ OS - security and privacy easy - #67 by SkewedZeppelin
This nonsense of “/e/ isn’t security focused” is downright harmful.
Stop giving this company money until they actually start caring about your safety.