Why is this app sending hundreds of requests to accounts.google and s3.amazonaws.com?

trustcrypto / OnlyKey-App

The OnlyKey App is used for the initial setup and configuration of OnlyKey. Supported on Windows, macOS, Linux, and Chromebook (with Chrome App).

https://docs.crp.to/app.html

Other

106 stars 24 forks source link

Why is this app sending hundreds of requests to accounts.google and s3.amazonaws.com? #176

Closed IzumiSagiri closed 2 years ago

IzumiSagiri commented 2 years ago

Step 1: Install a Linux firewall such as OpenSnitch. Step 2: Launch this app.

Then you find that this app immediately sends about a hundred requests to accounts.google.com and s3.amazonaws.com and www.gstatic.com.

Please explain why this is happening, and can we have a fully offline version???

rodgolpe commented 2 years ago

Um, this doesn't sound right at all. The only one that makes sense to me is S3 -- of you've selected the option to check for app updates, it needs to pull a manifest.json that we host in an S3 bucket. We also use a web font that should be bundled. I'll investigate further.

onlykey commented 2 years ago

Chromium (NW.js) which the app is built on does call accounts.google.com, this should be fixed in a later version of Chromium

https://bugs.chromium.org/p/chromium/issues/detail?id=1055722#c20

onlykey commented 2 years ago

@rodgolpe I tried the latest app (yet to be released 5.3.4) no calls to accounts.google.com. Can you verify? I used Lulu on Mac

brew install lulu

rodgolpe commented 2 years ago

Testing the latest app release 5.3.4 shows only 2 remote requests, which can both be disabled from the preferences menu:

Automatically check for app updates
Automatically check for firmware updates