search

hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0
5.92k stars 201 forks source link

Mobile Tracker & Telemetry #794

Closed norilana closed 1 year ago

norilana commented 1 year ago

Which domain(s) should be blocked?

Samsung

api.omc.samsungdm.com samsung-directory.edge.hiyaapi.com sun-apps.sfr.com capi.samsungcloud.com gos-api.gos-gsp.io dir-apis.samsungdm.com api.gras.samsungdm.com pinning-02.secb2b.com eu-kaf.samsungknox.com sg-kaf.samsungknox.com us-kaf.samsungknox.com in-kaf.samsungknox.com sspapi-prd.samsungrs.com fota-cloud-dn.ospserver.net dms.ospserver.net sdk.pushmessage.samsung.com us-api.mcsvc.samsung.com sg-api.mcsvc.samsung.com eu-api.mcsvc.samsung.com in-api.mcsvc.samsung.com us-rd.mcsvc.samsung.com sg-rd.mcsvc.samsung.com eu-rd.mcsvc.samsung.com in-rd.mcsvc.samsung.com ie-odc.samsungapps.com app.tr.adjust.com app.us.adjust.com www.ospserver.net app.adjust.com adjust.com

XIAOMI

tracking.intl.miui.com api.sec.intl.miui.com api.ad.intl.xiaomi.com update.intl.miui.com fr.register.xmpush.global.xiaomi.com find.api.micloud.xiaomi.net data.mistat.xiaomi.com sdkconfig.ad.intl.xiaomi.com mcc.intl.inf.miui.com global.market.xiaomi.com moaps.tmo.net

HUAWEI

query.hicloud.com configserverdre.platform.hicloud.com servicesupport.hicloud.com shepherd.sb.avast.com apkrep.ff.avast.com mvconf.cloud.360safe.com mclean.cloud.360safe.com pebed.dmevent.net dmxleo.dailymotion.com telemetry.api.swiftkey.com in.appcenter.ms

REALME

esa-reg-eup.myoppo.com ifotaeu.realmemobile.com ifotaus.realmemobile.com ifotasg.realmemobile.com ifotain.realmemobile.com

Why should the domain(s) be blocked?

Mobile os telemetry possible logs or analytics data loader

https://www.scss.tcd.ie/doug.leith/pubs/additional_material_neversleepingears.pdf

hagezi commented 1 year ago

Thanks, I'll take a closer look. But it will take a little while.

norilana commented 1 year ago

@hagezi

You can start by adding to aggressive lists that will likely interrupt device updates and personal use.

Telemetry fields should be added to all hagezi versions. api.omc.samsungdm.com samsung-directory.edge.hiyaapi.com sun-apps.sfr.com in.appcenter.ms pebed.dmevent.net apkrep.ff.avast.com

ghost commented 1 year ago

some of them are already blocked

hagezi commented 1 year ago

Yes, and there are some system endpoints that are very likely to limit or break functionality. The report shows in detail what is being transferred. But just because the domains are in the report they are not blindly blockable. That's why I have to look at this very carefully and do some research. This is very time consuming.

I can't really imagine that much blockable is missing in Ultimate. But, who knows.

hagezi commented 1 year ago

In Ultimate blocked:

capi.samsungcloud.com
gos-api.gos-gsp.io
dir-apis.samsungdm.com
sspapi-prd.samsungrs.com
sdk.pushmessage.samsung.com
app.tr.adjust.com
app.us.adjust.com
app.adjust.com
adjust.com
tracking.intl.miui.com
api.sec.intl.miui.com
api.ad.intl.xiaomi.com
fr.register.xmpush.global.xiaomi.com
find.api.micloud.xiaomi.net
data.mistat.xiaomi.com
sdkconfig.ad.intl.xiaomi.com
mcc.intl.inf.miui.com
servicesupport.hicloud.com
shepherd.sb.avast.com
mvconf.cloud.360safe.com
mclean.cloud.360safe.com
dmxleo.dailymotion.com
telemetry.api.swiftkey.com
in.appcenter.ms
esa-reg-eup.myoppo.com

DEAD domains:

configserverdre.platform.hicloud.com
eu-api.mcsvc.samsung.com
eu-rd.mcsvc.samsung.com
ifotaeu.realmemobile.com
ifotain.realmemobile.com
ifotasg.realmemobile.com
ifotaus.realmemobile.com
in-api.mcsvc.samsung.com
in-kaf.samsungknox.com
in-rd.mcsvc.samsung.com
sg-api.mcsvc.samsung.com
sg-kaf.samsungknox.com
sg-rd.mcsvc.samsung.com

Not blocked:

api.gras.samsungdm.com
api.omc.samsungdm.com
apkrep.ff.avast.com
dms.ospserver.net
eu-kaf.samsungknox.com
fota-cloud-dn.ospserver.net
global.market.xiaomi.com
ie-odc.samsungapps.com
moaps.tmo.net
pebed.dmevent.net
pinning-02.secb2b.com
query.hicloud.com
samsung-directory.edge.hiyaapi.com
sun-apps.sfr.com
update.intl.miui.com
us-api.mcsvc.samsung.com
us-kaf.samsungknox.com
us-rd.mcsvc.samsung.com
www.ospserver.net
hagezi commented 1 year ago

Breaking:

api.gras.samsungdm.com - Initial device setup wizard api.omc.samsungdm.com - Services/Device Settings dms.ospserver.net / www.ospserver.net / fota-cloud-dn.ospserver.net - Firmware Updates eu-kaf.samsungknox.com / us-kaf.samsungknox.com - Services/Knoxguard global.market.xiaomi.com - App updates ie-odc.samsungapps.com - App updates pinning-02.secb2b.com - Samsung Knox query.hicloud.com - Firmware Updates samsung-directory.edge.hiyaapi.com - Samsung Directory update.intl.miui.com - Firmware updates *.mcsvc.samsung.com - SmartThings - https://github.com/hagezi/dns-blocklists/issues/273

Blockable:

apkrep.ff.avast.com - Logs app details when a new app is installed moaps.tmo.net - Log Events (enabler activated) Xiaomi pebed.dmevent.net - Advertisement sun-apps.sfr.com - Logs device telemetry

norilana commented 1 year ago

If they are already blocked sorry for disturbing I have no doubt that you will make the right analysis.

MagicalAlchemist commented 1 year ago

@hagezi Breaking:

api.gras.samsungdm.com - Initial device setup wizard

It's weird, i literally can setup new galaxy device setup wizard without internet connection in the first and has no problem. Maybe this is a problem for old samsung phones?

hagezi commented 1 year ago

@MagicalAlchemist May be, but can not test it. I have relied on research.

MagicalAlchemist commented 1 year ago

@hagezi what about blocking poll.gras.samsungdm.com ? Will this cause any breakage?

it appears together with report.gras.samsungdm.com

hagezi commented 1 year ago

@MagicalAlchemist It belongs to package com.samsung.android.sdm.config. Seems to be used for update config.

robbyx69 commented 8 months ago

If api.sec.intl.miui.com is blocked, it cannot be updated the antivirus from Miui Security apk.