[go: up one dir, main page]

F-Droid installation on Android triggers communication with Amazon, Google and leaks DNS

  • Device OS and version: Android 9 (LineageOS 16.0)
  • Device model/manufacturer: Google Nexus 6
  • F-Droid version (in the About screen): 1.8
  • F-Droid privileged extension version (if installed):

What did you do? (clear steps if possible)

I updated to the latest version of F-Droid software using F-Droid.

What did you expect to see?

I expected no DNS requests and no communication with Amazon or Google.

What did you see instead?

At the time of the upgrade, I saw DNS requests for the following domains from my device:

amazon.com www.amazon.com play.google.com f-droid.org www.f-droid.org staging.f-droid.org

Unfortunately I have no evidence to accompany my observation, but I know that I'm right. I suspect the first three might have been triggered by:

https://developer.android.com/training/app-links/verify-site-associations

I don't know this for a fact. Would there be a way to work around it if so?

The f-droid.org requests really baffle me, since I have configured F-Droid to use Tor in its options; this should imply that there will be no such requests. Or am I missing something that applies when f-droid upgrades itself?

Thanks for your help!

Jeremy Bentham