Evgeny Poberezkin @ epoberezkin @lemmy.ml Posts 7Comments 3Joined 3 yr. ago
These URIs are the references to technical documentation in Google Android site - they are used in error messages by various libraries.
The presence of the URI in code does not mean that the app communicates with this URI.
On the opposite, the absence of the URI in code does not prove that the app does not communicate with any given URI - the URIs can be obfuscated in many ways.
So this scanning technique to discover potential attacks is completely inefficient, and it creates unnecessary work of removing URIs from code, but achieves absolutely nothing to prevent the actual network connection - any malicious app can hide them and make them invisible to the scanning.
Another example would be simplex.chat domain. While the app contains it in code, the app never communicates with this domain, and it is only used to namespace the links and to allow showing QR code for people who don't have the app.
You cannot establish what URIs any given app communicates with by scanning its code - you need to proxy all traffic and monitor all connections that the app makes.
just delete them after a set time - preset servers have it at 21 day
v5.2 with delivery receipts is fully released – see the post about it and about the future of the groups, and join our event next week!
SimpleX Chat: v5.2-beta.2 with delivery receipts, favorite chats, and more is available! Also - join our event on July 27!
yes, occasionally :)