I tend to avoid to install apps that require permission for unnecessary internet connection.
I’ve used Tracker Control and for apps without internet access it says they still might track you by exchanging data with other apps.
How do you know if such thing is happening? I couldn’t find any related info online.
I’ve also used Immuniweb to test the level of security and privacy of apps. The last section of analysis is Mobile App External Communciation. Surprisingly some apps that don’t require internet access seem to connect to remote hosts.
Do you find it convincing?
I haven’t read the full report yet but would check that later.
You can use a firewall like Netguard and block all, then look at those apps details…to find out if they try.
Also, yes they could exchange data, eg. save in /storage/ or they can use Webview to access the internet, so be sure to block Webview from access too in the firewall (manage system apps in settings).
If you have Play services…they can and they do use that too, but these are not FOSS, you won’t find F-Droid apps that do this.
Like I mentioned basic static analyzers can easily falsely flag that an app is connecting to Facebook, when really it is just using a safe and open source library that Facebook made.
If you can actually observe the app connecting to Facebook, and the app isn’t Facebook itself, then I would strongly avoid it.
TrackerControl is a UI wrapper on top of NetGuard. I believe, it does hide away a lot of advanced NetGuard feature-set and presents its other features in a, imo, better UI. For that reason, I don’t think there would any discrepancies in what TrackerControl would filter vs what NetGuard might.
I have found that some apps, even when blocked by a firewall app like AFWall+ (root) or NetGuard (non-root) can still access the internet though Google Play Services (includes Google Services Framework). Rumor is apps can also access the internet via Google Play Store, Chrome, Calendar & Contacts sync, or the Google app. I have all of these blocked and have background sync turned off and have no internet access problems with blocked apps.
Google Play Services is required if you use Google Maps. What I did was allow it access while I browsed maps I wanted cached, then I blocked access again. Be aware that on some devices if you clear the entire device cache you also clear your cached maps.
What do you mean by “without Google Play Services”? If Play Services is not installed on the device then maybe there’s a fallback to not use it, which would be useful. What OS are you using?
A lot of them were just expected things.
I also think it treats linked items as “external communications”.
Some of them I wouldn’t expect to find in the F-Droid version, like Dropbox.
Might check myself later.
Attached is a screenshot of the page since it doesn’t allow linking.
Seems like no linking. You can search Osmand in and it will show you the result Mobile App Security Test | ImmuniWeb
(The full report doesn’t go into details about external communication.)
I don’t know much about coding or app components (?), but some of the hostnames like weibo, sina look … interesting. Would like to hear some description
Also there are apps that have few or 0 external communications from, so I don’t think it just extract URL from APKs. Correct me if I’m wrong
