Wikipedia Tracking antifeature

The wikipedia app has the tracking antifeature since forever. It has a opt-in tracking functionality and an opt-out crash reporting. What I couldn’t figure out so far is if the crash reporting, even if enabled gives the user a chance to review and not upload the report? If that’s the case I’d argue that we don’t need the antifeature.

Anyone knows anythig about this? Someone wants to investigate?

TrackerControl (which, incidentally, is pretty neat) finds that the Wikipedia app is contacting a tracking site…

… even though the settings to enable tracking are off in my Wikipedia app:

It could be a false positive, because all TrackerControl does, I believe, is monitoring connections to sites known to be recipients of tracking data, but upload.wikimedia.org is probably home to a lot of completely innocuous stuff as well. Still, it’s not wikipedia.org, and it made those connections as soon as I opened the app, without doing anything special, so I’m not entirely sure why it’d need to contact upload.wikimedia.org. And then if I do use the app a bit, like by just going into the settings or scrolling the home page, the number of packets shown increases.

1 Like

I’ll take that as a clue to definitely keep the tracking antifeature for now.

It would be nice to either dig into the traffic of what’s it sending exactly or talk to wikipedia devs about it. mitmproxy is your friend if anyone wants to try.

Which one is at fault or they use the same domains for analytics?

Eg. maps.* and upload.* share the same IP

Can you explain what we can see in that picture?

(Not a speaker of Romanian (?) and not a user of netguard)

The domains it tries to connect to are listed down there.

They are red because they are not allowed to connect.

(Interesting, I created an account here to ask this same question.)

upload.wikimedia.org is the domain that contains all the pictures, videos and other media in Wikipedia articles. For example you have a page with the picture at https://commons.wikimedia.org/wiki/File:Pyrit_01.jpg but the picture itself is located at https://upload.wikimedia.org/wikipedia/commons/4/43/Pyrit_01.jpg

I don’t know if this domain also contains tracking.

I have asked a question on Wikipedia at https://en.wikipedia.org/wiki/Wikipedia:Help_desk#Wikipedia_mobile_app_-_tracking

1 Like

fyi , I have listed all apps, which like wikipedia, have some Exodus trackers :

btw, also noticed that com.marv42.ebt.newnote_19.apk is uniquely not dexdump compatible (?):

dexdump -d com.marv42.ebt.newnote_19.apk
Processing 'com.marv42.ebt.newnote_19.apk'...
E/libdex  (13186): ERROR: unsupported dex version (30 33 39 00)
E/libdex  (13186): ERROR: Byte swap + verify failed
ERROR: Failed structural verification of '/tmp/dex-temp-13186'

So you can answer:

(our wiki is no longer updated) the correct antifeatures page is this: https://f-droid.org/en/docs/Build_Metadata_Reference/#AntiFeatures

apps that just happen to update without bothering you about it

Do note that given the Android security features an app can’t just update itself from outside the F-Droid.org anyway (except apps that build reproducibly but those are rare now)

@oF2pks so Wikipedia uses Hockey SDK tracking? Damn, I was hoping this was a false positive.

My question on Wikipedia has been swallowed up by their archiving system. I’m guessing “Help Desk” was not the right place to ask…

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Mastodon