What does the (system) app "root" do?

In NetGuard I see that an app called “root” is trying to connect to the internet, in particular to the domains “mirror.cyberbits.eu” and after I used Threema for a bit to “g-80.0.threema.ch”. So far I have blocked these connections.
Can you say what this app does and why it connects to the internet?
When searching for “root” all discussions involve rooting my phone which this question is (hopefully) not about.
I think I have not rooted by phone, at least not consciously.

I suspect that it is not a e/os specific question because I’ve found those questions which unfortunately didn’t get a (satisfying) answer.

Maybe you can more generally answer, where I can find a general description of all system apps, something like man on Linux.

Update: it also tries to connect to my calDav-provider website (selfhosted website). So it looks like other apps like DAVx5 use “root” to connect to their respective destinations. Still it’s totally unclear to me, why, how and what “root” does with it.

1 Like

I don’t see an App called “root” … App list including system Apps …

/e/OS 1.3-q-20220825213388-dev-FP3

You’re right. I don’t see it in the apps list either. So this answer that says that it’s not an app but the root user, seems to be right.

Then the question is: what does it mean when this root user tries to access the internet and how can some apps (DAVx5, Threema) use this user?

Off-Topic:
(For some reason I was not able post the stackexchange link as a link, but now it’s possible:
Before I press “Save Edit” a blue box appears at the right of the editing window with the text.
„It looks like your link to android.stackexchange.com was already posted in the topic by @flukx in a reply on Oct 16, '22 – are you sure you want to post it again?“
At my first try to post this message, an information box popped up saying something like “this link to this host is not allowed”, I cannot reproduce it now.)
(Could the person that flagged the post as spam please explain why it is spam, please?)

I think this was your link @flukx

It is a bit odd, are you able to provide a screenshot or some more detail of how this message appears?

… it was probably automated!