Suspicious redirects across browsers

Not sure if it’s an /e/ issue per se, but since it’s happening on /e/ I’m posting here first.

Samsung S9, /e/OS 0.20-20211210151039

My main browser is Bromite updated from the official third-party F-Droid repo, but all the browsers I checked are affected: Brave, FF, stock /e/ browser.

I use ustart_org (dot instead of underscore, “new users can only put 2 links in a post”…) as my start page and today I noticed that when I go to ustart_org, I get redirected to google_ru, both http and https. I didn’t notice any such redirects for any URL addresses other than uStart.

It only seems to affect the base address – when I go to - YOU Start!, there is no redirect.

What worries me is that it’s only happening on that one Android device with /e/ – everything works normally on another one with LineageOS and on my desktops.

Since all browsers are affected, I’m thinking this must have been some kind of system-wide change, but not sure what could have introduced it. No idea why RU, either, of all Google domains.

Any ideas on how to investigate it further and fix? TIA.

It works as expected for me using Bromite on both Xperia Z3 and Z5 Compact, running e/OS/ v0.22-r: I am redirected, but to the default ustart page.

Sounds like there is a problem with your device. I would be tempted, after taking a TWRP or other backup of your data partition, to do a ‘wipe and install’, and see if the problem still occurs. If it does, then something very strange is happening. If it does not, then try restoring your backup.

I don’t know how well TWRP backup works on your device: it’s fine on my Sony devices, but on Samsungs… who knows :)

Thanks for checking and advice, @petefoth!

I’ve just finished playing with MVT to rule out any malicious factors and actors. Nothing definite because it’s only a check of installed APKs against known malware and SMS backup against IOCs, but oh well, a good learning curve.

Not too keen on the idea of having to wipe and restore everything (I’m not saying it’s a bad idea, though!) so for now I’ve worked around that redirect by simply switching ustart_org to https_www_ustart_org/index_smart.html#2 as the homepage – will wait for the next /e/ update and see if that puts things in order and will keep an eye on the browsers’ behaviour in the meantime.

Edit: @Manoj, sorry to call you out like this but how come that posting is restricted for me as a ‘new user’ after being around here for over two years? ^.^

After a long period of inactivity, user levels go down to basic levels.

Just a note that browser updates don’t have any effect on the issue. Still waiting for a system update to come.

Meanwhile, any idea where such a redirect could be defined at a system level, anyone?

what’s your DNS provider? default of the router? one you set yourself, or an app? DNS has your trust, so if no one else can reproduce the redirect, it can very much be the DNS server.

Edit: just for confirmation, the apex domain redirect is proper, no google ru redirect for me

Wouldn’t it affect all my devices connected to that router then, though? Plus, I use a VPN, the issue is there regardless of whether I’m connected with or without it.

if it’s the router default DNS then yes, all should see it. Regardless of VPN, if you have DNS servers configured statically then those will be the same. If you post the DNS that is shown on both the normal connection and the VPN I can check if there is a difference in the dns query result for
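
The comparison offered in the last reply (DNS answers on the normal connection and over the VPN, checked against a device that does not show the redirect), as an added example that is not part of any post in this thread. It assumes the output of `dig +short <host>` and `curl -sI http://<host>/` has been saved from each network path; the hostname, addresses and captures below are constructed, and the verdict names are this example's own.

```python
import ipaddress

def parse_dig_short(output):
    """IP addresses in `dig +short` output; CNAME lines and blanks are skipped."""
    ips = set()
    for line in output.splitlines():
        try:
            ips.add(str(ipaddress.ip_address(line.strip())))
        except ValueError:
            continue
    return ips

def parse_first_response(head):
    """(status, Location or None) from the first response in `curl -sI` output."""
    lines = head.splitlines()
    status, location = int(lines[0].split()[1]), None
    for line in lines[1:]:
        if not line.strip():
            break  # end of the first response's headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location

def triage(reference, observed):
    """Per network path, name the first layer that disagrees with the reference."""
    ref_ips = parse_dig_short(reference["dns"])
    ref_http = parse_first_response(reference["head"])
    verdicts = {}
    for path, capture in observed.items():
        if not parse_dig_short(capture["dns"]) & ref_ips:
            # A lead, not proof: CDN-hosted sites can answer differently per resolver.
            verdicts[path] = "dns-differs"
        elif parse_first_response(capture["head"]) != ref_http:
            verdicts[path] = "http-differs"
        else:
            verdicts[path] = "matches-reference"
    return verdicts

# Constructed captures for a hypothetical host start.example (documentation IP ranges).
GOOD_HEAD = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.start.example/\r\n\r\n"
ODD_HEAD = "HTTP/1.1 302 Found\r\nLocation: https://search.example/\r\n\r\n"
REFERENCE = {"dns": "192.0.2.10\n", "head": GOOD_HEAD}
OBSERVED = {
    "wifi": {"dns": "192.0.2.10\n", "head": ODD_HEAD},
    "vpn": {"dns": "cdn.start.example.\n203.0.113.7\n", "head": ODD_HEAD},
    "mobile": {"dns": "192.0.2.10\n", "head": GOOD_HEAD},
}
```

In the constructed data, `wifi` resolves to the same address as the reference yet receives a different redirect, which points away from the resolver; `vpn` already differs at the DNS answer.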

