Quote:
Originally Posted by jlark
FYI, ContentBrowser (the home launcher) phones home a lot. It:
1. sends this raw data
Code:
{"last":null,"oauth_key":"LYCAODjoVdRJjXYCwrxxxxxxxxxxxxxxxxxxxxxx","installation_id":"23cd4e14-3916-4095-xxxx-xxxxxxxxxxxx","v":"a1.3.1"}
to port 8253, to IPs such as 54.85.229.50 and 54.85.232.127 (which is rather interesting because whois says they belong to Facebook).
There seems to be no reply from the server; it just listens on that port very much passively.
2. tries to connect over https to IPs such as 52.71.214.56 / 52.72.210.46 / 54.84.40.56 / 54.88.251.91 / 54.152.122.98 etc., which are all Amazon EC2 instances, with a twist: their only open ports are 443 and 8253.
I didn't manage to intercept that traffic, but I'm sure it's connecting to `api.parse.com`, as it's the only DNS request that stands out and the IP range seems to match.
3. POSTs binary data to `http://alog.umeng.com/app_logs`, with the headers:
Code:
X-Umeng-UTC: 1464282824227
X-Umeng-Sdk: Android/5.5.3 ContentBrowser/+(10555+-+980869c)+Max/4.0.4+B3581136xxxxxxxxxxxxxxxxxxxxxxxx
This seems to be an Apache Thrift binary message, but I didn't bother to set up a server and decode it. Incidentally, Umeng is listed in this popular hosts file.
[xxxs are my attempt at anonymisation]
I'm not able to understand all your information.
Do you think that our privacy is in danger? The Google Account, for example?
Could we block it with a virtual VPN on the Onyx Boox?
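For anyone who wants to check their own device's traffic against the three behaviours listed in the quoted post, here is an added example (not part of either post) that labels flows in a capture summary. The CSV layout, the label names and the sample rows are constructed for illustration; only the port, IPs and hostnames come from the quoted post.

```python
import csv
from collections import Counter

# Indicators copied from the quoted post ("IPs such as ..." means the lists are partial).
RAW_PORT = 8253
RAW_IPS = {"54.85.229.50", "54.85.232.127"}
HTTPS_IPS = {"52.71.214.56", "52.72.210.46", "54.84.40.56",
             "54.88.251.91", "54.152.122.98"}
HOSTS = {"api.parse.com": "parse-api", "alog.umeng.com": "umeng-app-logs"}

# Constructed capture summary (assumed layout): kind,dst_ip,dst_port,hostname
SAMPLE = """\
tcp,54.85.229.50,8253,
tcp,52.71.214.56,443,
dns,192.0.2.53,53,api.parse.com
http,203.0.113.10,80,alog.umeng.com
tcp,203.0.113.99,8253,
tcp,198.51.100.7,443,
http,203.0.113.20,80,example.org
"""

def classify(ip, port, host):
    """Return a label for a flow matching the post's description, else None."""
    host = host.lower().rstrip(".")
    for name, label in HOSTS.items():
        if host == name or host.endswith("." + name):
            return label
    if port == RAW_PORT:
        # The post's IP list is partial, so the port alone is a weaker signal.
        return "raw-json-8253" if ip in RAW_IPS else "port-8253-unlisted-ip"
    if port == 443 and ip in HTTPS_IPS:
        return "https-listed-ec2"
    return None

def summarize(text):
    """Count matching flows per label in a CSV capture summary."""
    counts = Counter()
    for row in csv.reader(text.splitlines()):
        if len(row) != 4 or not row[2].isdigit():
            continue  # skip malformed lines rather than guessing
        _kind, ip, port, host = row
        label = classify(ip, int(port), host)
        if label:
            counts[label] += 1
    return dict(counts)

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE).items()):
        print(f"{label}: {n}")
```

Flows labelled by hostname can be handled by a hosts-file or DNS rule, while the two port-8253 labels carry no hostname in this layout and would need an IP or port rule instead.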