Weird connections made by the Android System

Hello together!

I am one of those people who would prefer not to have Google on the phone. So I did my best to at least block the services from calling home and collecting data about me: I installed NetGuard before my phone’s first connection to any network and only allow internet access to the specific FOSS apps that I’m really using.

As a side effect, I now see all the connection attempts by several system apps. Besides several Amazon and Google servers, my phone also makes several very weird connection attempts:

Note that I have not been in Hungary, neither opened the website of Fidesz or any associated organization, or anything.

How is it possible that the system of my phone tries to connect to these servers all by itself? I have several further examples of such connections out of which I just can not make sense.

Any ideas? Similar observations? Anything?

What apps are installed?

1 Like

That’s the background activity of Google and different other apps & services. I believe it’s only known to the data collectors why and which route and hops your data packages actually take until reaching their destination.
Each hop will gather and add data to packages it’s routing. Only in few cases e.g. Startpage search machine settings one may define where and how far data will be transported (World/EU/closest server).
If one don’t want to have his data spread and collected that way(abroad) he is in need to disable/remove/replace certain apps and services which at some point will limit options, functionality and convenience.
Using a firewall is more easy. But to keep close control of which packages may pass and which not, detailed traceroutes and package analysis has to be done using tools like e.g. Wireshark.

If not being familiar with the network and IT field in depth there is not much fun to be expected by doing this.

Btw. this background activity counts on top of your data plan without much use for you.

Hello! Thanks for looking at the thread. Well, concerning apps:

Besides the software installed from the beginnig I have only
apps from F-Droid such as

  • OpenBoard
  • Vlc
  • OsmAnd+
  • K-9 Mail
  • Librera PRO
  • IceCatMobile
  • Jitsi Meet

Probably, this list is not exhaustive. But I did not install any proprietary app such as Whatsapp and the like and I was hoping that the open source apps from F-Droid would be at least checked against not communicating random things to fidesz.

Does this help?

Hey! Also thank you for your reply.

I have to say: I find it hard to believe that this is the usual “Google background activity”. How come that also, for example, the website ig-haase.de is being contacted? Is it that the admins or host services for such websites also use their servers for google services at the side, i.e. when their main website is idle?

Also: How does my phone even know about which address to contact? It is very unlikely that, say, the above mentioned website was listed in my phone during installation of Android.

At least for now, all this data is being blocked. But seriously: What are all these files even about? I do not have a Google account and I deactivated all Google apps except “google play services”. The latter keeps running, because the phone does not allow for its deactivation.

Yes, but i have to check for it. The fidesz address looks like it’s an mail account, but if you have no affiliations, strange. Romania also unusual. And it’s not a normal Android background traffic. Android would be Google, browsing will bring lots of ad servers and Facebook, but these are definitely not the usual trackers. Your-server might be from browsing

Alright. I am currently located in Germany, but I was traveling all around the Mediterranean and also bought SIM-cards from outside Germany. I heard that some companies are able to push bloatware to your phone (in some other thread this was apparently an issue with Orange in France). Do you think this is also a possibility?

In either case: Do you suggest to reset my phone? Or is there a way to really find out whats going on there?

EDIT: You say some activity can stem from browsing. I was only using IceCat as a browser on my phone and never any google product such as chrome. Are you sure that IceCat also communicates with the Android system and backup services and the like and tells them to contact websites that I never visited?

Just wanted to ask. Astral.ro for example seems to have something to do with phone services. If you can’t identify apps you didn’t install maybe the best way indeed worud be too factory reset. As said before, that’s not normal!

1 Like

Ok, thanks again for your answers. I will eventually reset my phone by tomorrow, then. But this should also be interesting to everyone trying to use NetGuard to protect his/her phone: It does not seem to be that easy to make it work!

For example: I recently received the security update for the system. It had been outdated for more than 14 days and I did not really care to allow for the update because I was expecting that the system did not have contact to the outside world either way and I just updated all the apps with internet access. Maybe I was wrong in doing this and indeed messed up the security.

Either way, my phone made a silent reboot during the night all by itself, downloaded and installed the update via its data connection and I only found out the next morning. I found this very frustrating since I really lost control over what my phone sends and the connections it makes.

It would be interesting whether anybody else made similar experiences.

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.