Since there’s no maintainer to contact nor is there an issue tracker, I’ll just post this here hoping the person who works on it can get it fixed.
IceCatMobile calls home completely ignoring proxy settings (it however respects the remote proxy DNS setting, leaking your real location to the CDN companies!) to:
icecat.settings.services.mozilla.com
icecatmobile-catalog.cdn.mozilla.net
(Edit #2: The above domains are invalid, although the DNS provider would be pleased to know your taste in browsers. Edited topic to reflect this. Unsure if it calls the other addresses below.)
Also found left over in the code is:
incoming.telemetry.mozilla.org
(Firefox Accounts OAuth domains: lcip.org, api.accounts.firefox.com)
This proxy leaking behavior has been with us for a while (and in the prior and current IceCatMobile versions where even favicons for proxied sites would be pulled by your real IP) but I’m not bothered to deal with Mozilla and their tendency to WONTFIX so it would be appreciated if someone could start an issue on their tracker.
(Edit #3: There are several similar reports on their tracker and they are all marked “resolved”. The devs made the idiotic decision to have the Android system calls fetch the files instead of the browser and as always they refuse to fix it even though it’s a critical bug. Additionally marked “wontfix” for version 68 (1562394 - can't access favicon files on password protected site after authentication).)
An (incomplete) mitigation for the rest of us users:
Render the URLs in /data/app/org.gnu.icecat-*/oat/arm/base.vdex invalid with a hex editor (e.g. replacing the URL with spaces). They’re all clumped together after the first “https://”.
Note this only stops the browser from requesting DNS for the invalid domains. It will still leak favicon, typed URL bar text (to the default search engines) and other browser internal requests.
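The hex-editor step described in the post can be scripted. The following is an added example, not part of the original post and not IceCat code. It overwrites each matching URL with the same number of spaces so the file size and every other offset stay unchanged. It assumes the strings are stored as plain ASCII terminated by a non-printable byte; the sample bytes are constructed, and the input and output paths given on the command line are placeholders for a copy of base.vdex.

```python
import re
import sys

# Hostnames named in the post. The Firefox Accounts domains are left out here;
# add them only if you want those URLs blanked as well.
TARGET_HOSTS = [
    b"icecat.settings.services.mozilla.com",
    b"icecatmobile-catalog.cdn.mozilla.net",
    b"incoming.telemetry.mozilla.org",
]

# Assumption: a URL is "http(s)://" followed by printable ASCII other than
# space and double quote, ending at the first byte outside that set.
URL_RE = re.compile(rb"https?://[\x21\x23-\x7e]+")


def blank_urls(data, hosts=TARGET_HOSTS):
    """Return (patched_bytes, hits); hits is a list of (offset, url)."""
    buf = bytearray(data)
    hits = []
    for m in URL_RE.finditer(data):
        rest = m.group().split(b"://", 1)[1]
        host = rest.split(b"/", 1)[0].split(b":", 1)[0]
        if any(host == h or host.endswith(b"." + h) for h in hosts):
            # Same-length overwrite: nothing after this URL moves.
            buf[m.start():m.end()] = b" " * (m.end() - m.start())
            hits.append((m.start(), m.group().decode("ascii")))
    if len(buf) != len(data):
        raise RuntimeError("patched data changed size")
    return bytes(buf), hits


# Constructed sample standing in for a fragment of a string table.
SAMPLE = (b"\x00Lfoo;\x00"
          b"https://icecat.settings.services.mozilla.com/v1\x00"
          b"https://www.gnu.org/\x00")

if __name__ == "__main__":
    src, dst = sys.argv[1], sys.argv[2]  # work on a copy, keep the original
    with open(src, "rb") as f:
        original = f.read()
    patched, found = blank_urls(original)
    with open(dst, "wb") as f:
        f.write(patched)
    for offset, url in found:
        print(f"{offset:#010x}  {url}")
```

Running it a second time on the patched file should report no hits, which is a quick check that every targeted URL was blanked.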