Open Tycho-S opened 3 years ago
The reason is that TrackerControl ships a list of malicious domains, to block them.
Ahh I understand. Funnily enough Lookout itself does the same thing :)
But perhaps this could be somehow encrypted or otherwise made unreadable (even base64 encoding should work :) ) so that it's not being detected? They are unfortunately unwilling to unblock the application because they feel it's poor programming practice to include them in clear text. I don't agree with this but I can't convince them.
I can't not use Lookout because without it I'm not allowed to access any work resources, and I'd really like to have privacy as well :) I could use a separate phone for work but I'd prefer not to. Thanks for clarifying where this comes from though!
I'll definitely look into this. I've actually already reversed the text for some of the files, because some antivirus programs wrongly said that TC would contain trojans. #30
Thank you! I've been testing it regularly so far (with every update), but I can't keep doing it for now. Could you update the issue when it should be fixed? Then I can try it again. In any case the 25th of May version on F-Droid still does this.
Every time I try it, it logs a security incident with our SOC (Security Operations Center) because it triggers on some of the malware "Indicators of Compromise" (e.g. URLs or binary data present in those trojans) that you're checking for. And some of those are pretty bad ones. So the security team thinks my phone is actually compromised and will block my access.
I took to testing it on a separate phone that's not assigned to my account but it still gets flagged to our security team :(
It would be great if you could make those URLs unreadable, as it is really a great app and I'd love to use it. I was using DNS66 before but it doesn't have any control per app (e.g. allowing essential traffic but no data) and doesn't show what it's flagging at all in general. Tracker Control is a really great app, I just can't use it right now because I need the work stuff on my phone too. I like the map view too.
Very sorry to hear this. It seems to me though that this would require a major update to the code base, and I'm not sure if I'll find the time to do this soon. I'll let you know once I've found a way around!
I tried installing this on my phone which is also used for work in a BYOD (Bring Your Own Device) scenario.
However, the app was blocked by our security solution Lookout for Work. We raised this to Lookout as this app is not malicious but they objected with the following reasoning:
"The security team have confirmed that these are legitimate detection. We detect this app as a 'Trojan' because the app lists known malicious indicators in its assets directory. Having malicious IOCs in clear text is considered a poor programming practice and should be avoided."
I'm not entirely sure what they mean by "malicious IOCs", but perhaps you could take it into account.
By the way the malware identifiers they are detecting are "SandroRat" and "YouzichengProxy". I think what this means is that it's using network interception code also used by many trojans, which leads to this identification.