search

ConnectSDK / Connect-SDK-Android

Android source project for Connect SDK
Apache License 2.0
308 stars 130 forks source link

Does the library use some Tracking link? #401

Open theduc0x opened 1 year ago

theduc0x commented 1 year ago

My application used several libraries, including this one. And now Google has sent me a notification that there is an error related to Tracking via a link http://atracking-auto.astrodsp.com/ . Is it because of this library? Hoping to get everyone's answers

casolorz commented 1 year ago

I doubt it comes from this library. It is used by a lot of app.

I'm curious, was it an apk rejection or worse?

If you do find out if some ad network or other sdk is doing that please report back so we are all aware of what not to use.

theduc0x commented 1 year ago

I've been releasing the app for about 5+ months. Currently, google sends the following information: https://i.stack.imgur.com/8vt5q.png Currently, I still can't find out which library this tracking link comes from, it seems to be encrypted too

casolorz commented 1 year ago

It's probably an ad network. Hard to know which.

theduc0x commented 1 year ago

Did you find it anywhere?

theduc0x commented 1 year ago

for example if i use this way can i prevent this error ?

`<?xml version="1.0" encoding="utf-8"?>

atracking-auto.astrodsp.com `
casolorz commented 1 year ago

That's a really clever solution to that issue. Thank you for sharing. We should create a list of domains with that issue. For me it was http://vad-bid.adsrvr.org/

Do you know which ad network did it? Do you by any chance use InMobi? I'm not certain it was them but I disabled ad networks one by one until I found that domain being used.

theduc0x commented 1 year ago

i don't think my problem is with the ad network, because i only use the ads of "google play service", and it seems this library does not use any ad networks

casolorz commented 1 year ago

That is odd however the cleartextTrafficPermitted docs say that AdMob will obey that. I took that to mean that they will enforce https if it is false.

Have you been able to capture that specific call? You could remove third party libraries until you figure out which one did it.

theduc0x commented 1 year ago

actually I still don't know where that call is coming from. And this error is detected and warned by google, so I can't try to remove each library by myself. I fixed this library and removed most of the "implementation" in it. And I'll try updating it to Google Play and if Google still warns me I'll keep looking