Why Firefox for Android is causing The Linux kernel to send data packets to random sites?
I've recently installed CyanogenMod on my Nexus 5. Shorty after installing CyanogenMod I decided to install Firefox on my device from here:
https://f-droid.org/repository/browse/?fdid=org.mozilla.firefox
Afrer installing it I decided to install a frontend application for IPtabels from here:
https://f-droid.org/repository/browse/?fdid=dev.ukanth.ufirewall
After installing it I blocked some applications from accessing my data networks, including The Linux kernel. After some hours passed I took a look at the firewall log and I noticed that the firewall has blocked several data packets from accessing the internet. The log also showed the IP addresses where the data packets were being sent. I decided to find out to whom these IP adresses belonged. The results were rather strange. One particular IP belonged to a French ISP, one on the other hand belonged to a Finnish ISP. Finally I found one IP that made some sense. That IP belonged to Mozilla. However, at this point I couldn't be sure that Firefox was causing this behaviour. So I did a little test. I re-installed CyanogenMod on my Nexus 7. I connected my Nexus 7 to my WiFi-network at my home and I installed the same frontend application for IPtables on my device. I configured the firewall the same way I did for my phone, so The Linux kernel was also blocked from accessing any data networks. I surfed the web with my device and did some other things with it. I also checked the firewall log from time to time, and no applications showed up in the log. So I installed Firefox on my device. And immediately after installing it The Linux kernel was trying to send data packets to the same IP addresses. Now I was almost completely sure that Firefox was indeed causing this strange behaviour.
Here are some addresses where The Linux Kernel was trying to send data packets:
69.50.225.155 63.245.217.219 72.167.239.239 23.43.139.27 74.125.232.107 193.229.109.41 63.245.217.160 94.23.204.140
Conclusion:
- I downloaded CyanogenMod from the projects official site and I checked the md5sums of the files
I downloaded before I flashed anything onto my device
- I installed all the applications on my devices (including Firefox) from here: https://f-droid.org
- I didn't do anything stupid with my devices so I dont' think that they were infected with malware
- I changed Firefox settings so that it didn't share any data with Mozilla
So I'd like to have some answers to the following questions:
1)Why Firefox is causing the Linux kernel to send data to these IP addresses and is there any way
to turn this "feature" off?
2)Do the other versions of Firefox and other Mozilla software (Thunderbird etc.) also include this form of snooping?
All Replies (2)
The official Firefox for Android is available from the playstore or this site: https://www.mozilla.org/en-US/firefox/android/
It is possible to set up a Proxy https://addons.mozilla.org/en-US/mobi.../proxy-mobile/
I would assume that the browser is using the internet connection of the device and the internet is being provided by an isp, would it depend what the packets were? Maybe data billing requests?
I believe you can block ips as well if you wanted to: https://addons.mozilla.org/bn-BD/andr.../silentblock/
- 69.50.225.155 - belongs to the EFF, you likely have https everywhere installed
- 63.245.217.219 - aus4.vips.phx1.mozilla.com - Extension update check
- 72.167.239.239 - a1plpkivs-v03.any.prod.ash1.secureserver.net - some GoDaddy hosted site - extension?
- 23.43.139.27 - a23-43-139-27.deploy.static.akamaitechnologies.com - I don't know, Akamai is a world leader in geo distributed websites/services
- 74.125.232.107 - Google - search suggestions or malware/phishing protection database updates
- 193.229.109.41 - not registered to any website - searching seems to suggest it is owned by https://en.wikipedia.org/wiki/Elisa_%28company%29 possibly your ISP or Mobile data provider
- 63.245.217.160 - addons-versioncheck-single1.zlb.phx.mozilla.net - extension update check
- 94.23.204.140 - something related to f-droid.com