Android App Support access google.com when switching on WiFi

Hi folks,

i just realized that when Android App Support is activated (no Android App is loaded so far) and I switch on WiFi, the device access google.com. This happens every time I switch on WiFi again. Is this somehow a problem concerning privacy? Don’t get me wrong, I just have limited knowledge in such topics like security and privacy and i do’t want to troll.
Cheers

3 Likes

This is probably android’s connectivity check, where it tries to determine, if the wifi has internet access.
Sailfish (or more specific connman) does the same with a jolla.con URL…

While it would be nice, if the check would just get connectivity status from the host (or at least use the same jolla URLs connman does), I don’t think there’s much of a privacy concern.
The check should consist of a simple HTTP GET request (which expects a HTTP/204 code without data as reply) and as such not transmit any information, except for your IP and a user agent string (both of which could not be tied specifically to you or your device).

Thanks for the fast response. Do you think it’s possible to change the check to another address?

1 Like

Could be connectivity check, but could also be any of your installed apps that are allowed to run on startup.
Just because you didn’t tap them in the UI does not mean they are not running in the background.

You can go through the apps in the Jolla Settings Apps section and disable “allow backgroud services to start” for all of them and try again.

1 Like

Ah, thanks for the tip. Did not know about this function. I checked all my Android apps and the setting is disabled. What I realized further is the access to connectivitycheck.gstatic.com and time.android.com after starting WiFi with activated Android Support.

My first idea on how to change that is to create an entry in /etc/hosts for the address called by that service. If the connection is not SSL-encrypted a redirection to another address that returns response code 204 should be possible.
Unfortunately that workaround with /etc/hosts doesn’t seem to work with AlienDalvik, as I try to filter trackers and adverts using /etc/hosts on SFOS, I also map that to AlienDalvik’s LXC container, but that seems to ignore that file.
On ‘real’ Android those filters create a local VPN that pipes all traffic through a filter, but those VPNs don’t work in AlienDalvik

1 Like

According to Jolla, disabling this setting does not actually force stop Android apps or services from running in the background, it merely asks them to. Well behaved apps will respect this setting, but a lot do not. This came to light when Apotide was opening suspect web pages in the stock SFOS browser, even though it had been ‘disabled’ in the background and was not running in the foreground. There is a thread on this sonewhere.

1 Like

Seems like somebody already noticed this problem/behavior: Change the connection check for AD to a jolla url instead of google

Most sites say that these should disable/configure that on Android:

settings put global captive_portal_detection_enabled 0
settings put global captive_portal_mode 0
settings put global captive_portal_server localhost

With the first one being deprecated in Android > 4

See also: https://github.com/ukanth/afwall/issues/761

So you can do a:

nemo@device $ devel-su lxc-attach aliendalvik /system/bin/sh


# settings put global captive_portal_server  http://ipv4.jolla.com/return_204

I have not done a network trace to see whether it has any effect though.

1 Like

I have made a try and unfortunately it does not work like that. I changed the settings in the container (also http and https server) and after a restart of the container they are still there, but still the same behavior.