NoRoot Firewall and 40+ pending remote access requests on Android.

Posted by on Dec 15 2019

I use NoRoot Firewall on my Android Phone, and I have to stop it at times because it breaks my applications.  Because of this, I decided to do deeper dig into some of the system services, particularly Google Backup Transport, Google Play services, and Google Services Framework. These Google services made up for 30+ services requesting remote access (the IP addresses are listed below this post) These  IP addresses connect to either port 443 or 5228. Port 443 is a well known port for secure tunneling, meaning its likely used to transmit encrypted data. Port 5228 is used by Android Market & some Chrome processes.

What is interesting is that NoRoot Firefall by default blocks outgoing connections, which is the same thing that got Disconnect.me banned from the Google Play Store in 2015:

Google removed Disconnect Mobile from the Google Play store for violating its policy against apps that interfere with other apps. To protect user privacy, Disconnect blocks “unsolicited network connections” between a mobile user’s app or browser and services involved in tracking or malvertising.

Perhaps Disconnect.me they should have listed as a firewall in Google Play instead of marking unsolicited network connections. From a practical point of view it would have kept them in the store, though I suspect they would have some disgust from such a decision.  In either case, I am grateful for the privacy minded focus of both of these apps. Note that Disconnect.me is still not available in the Google App store, but is available on IOS.

Here is a list of 33 ip addresses connecting out shown as google services. Why are so many IP addresses going, and what do they all do?

  1. 172.217.3.200:443
  2. 216.58.217.36:443
  3. 173.194.66.188:443
  4. 172.217.14.206:443
  5. 172.125.199.188:5228
  6. 173.194.203.188:5228
  7. 173.194.202.188:5228
  8. 74.125.195.188:5228
  9. 74.125.197.188:5228
  10. 172.217.3.202:443
  11. 172.217.14.234:443
  12. 172.217.3.168:443
  13. 216.58.217.40:443
  14. 172.217.14.202:443
  15. 172.217.3.168:443
  16. 216.58.217.40:443
  17. 172.217.14.202:443
  18. 172.217.3.170:443
  19. 172.217.3.196:443
  20. 172.253.122.188:5228
  21. 173.194.68.188.:443
  22. 216.58.217.45:443
  23. 108.177.98.188:5228
  24. 64.233.190.188.5228
  25. 172.217.14.196:443
  26. 216.58.217.42:443
  27. 172.217.219.188:443
  28. 172.217.14.200:443
  29. 64.233.177.188:443
  30. 216.58.193.78:443
  31. 172.253.112.188.:443
  32. 172.217.3.206:443
  33. 216.58.193.74:443
  34. 74.125.20.188:5228
  35. 172.217.14.232:443

 

Sketch of the day theme: olympic

Posted by on Dec 13 2019

Every year activists hold a ‘Splinter Olympics’ in Smithers, BC to race to the top of diseased trees. Prizes go to both the fastest and the one who collects the most splinters.

2019-12-13-olympic