FORUMS

AirDroid Using Tencent Servers?

20 posts
Thanks Meter: 12
 
By TankedThomas, Junior Member on 8th August 2019, 09:18 AM
Post Reply Email Thread
I've search for information on this but have found nothing so I thought I'd post my findings here and see if anyone has anything to add/correct.

I've been setting up firewall blocking on my router using ASUSWRT-Merlin with Skynet firewall. I decided to block a whole bunch of countries that I deemed unnecessary/risky for security, including China.
Turns out, blocking China prevents AirDroid from working - it can't even log in.
Checking the log shows a bunch of domains that Skynet is blocking (stat.airdroid.com, stat3.airdroid.com, stat-push.airdroid.com, us-east-7-data.airdroid.com, us-east-8-data.airdroid.com, srv3-clb.airdroid.com, id4-clb.airdroid.com; possibly others). Telling Skynet to unblock these domains results in it responding with "Element cannot be deleted from the set: it's not added" (i.e. they're not blocked).
Removing China from the blocked countries list allows AirDroid to work.

Now this is where things get interesting, and how I figured out the China-wide blocking was causing this issue. In the log file that Skynet stores on the inserted USB drive, "skynet.log", it shows the IPs that these connections were trying to make. All of them are owned by Tencent (there were two prominent ones, but the entire range beginning with "49.51." is owned by them) - specifically, these are for TencentCloud (I assume those are their cloud services, like Azure or AWS or such).
Also, the three MAC addresses dealing with the Tencent IPs are my Note 9, Galaxy Tab A8 and my MacBook - the only three devices on which I run AirDroid.

I'm sure most people won't really care on what servers AirDroid are hosting, but personally, I'd rather not have any connections made to or from Tencent IPs if possible, especially considering how often AirDroid appears to be phoning home. This worries me, especially since this doesn't appear to be public knowledge. The only inconsistency is that a whois lookup shows AirDroid's host is GoDaddy, so how exactly Tencent is involved, I'm not sure... but they are.

If I'm mistaken about this, please feel free to correct me - I'd be happy to be wrong, frankly -, but based on what I'm seeing and the blocking/unblocking I've tried, it appears, at least for now, that this is true.
Guess I'll have to start looking for an AirDroid alternative, because this is unacceptable to me.

Attached are some screenshots of my logs with MAC addresses and personal IPs redacted in case anyone is curious. Yes, I realise the dates are different - I didn't realise I'd screencapped yesterday from the log until after I had edited the images, but the data is pretty much identical to the data from today.
Best I can tell, the Tencent IPs definitely coincide with AirDroid trying to log in and authenticate (and failing at the time because China was still blocked).
Attached Thumbnails
Click image for larger version

Name:	Screen Shot 2019-08-08 at 7.13.58 PM.png
Views:	310
Size:	114.3 KB
ID:	4803283   Click image for larger version

Name:	Screen Shot 2019-08-08 at 7.12.54 PM.jpg
Views:	306
Size:	271.3 KB
ID:	4803284   Click image for larger version

Name:	Screen Shot 2019-08-08 at 7.14.41 PM.png
Views:	302
Size:	241.4 KB
ID:	4803285  
The Following 3 Users Say Thank You to TankedThomas For This Useful Post: [ View ] Gift TankedThomas Ad-Free
20th January 2020, 12:31 AM |#2  
Junior Member
Thanks Meter: 3
 
More
Thanks for this info, I was already having my doubts about Airdroid.
The Following 2 Users Say Thank You to wasdroger For This Useful Post: [ View ] Gift wasdroger Ad-Free
20th January 2020, 06:44 AM |#3  
TankedThomas's Avatar
OP Junior Member
Thanks Meter: 12
 
More
No problem. I'm glad someone found it useful. Nobody else seems to be talking about it, which bothers me.

If nothing else, Tencent's servers are being used for Airdroid's authentication servers.
25th January 2020, 11:06 AM |#4  
Senior Member
Flag Wuxi
Thanks Meter: 561
 
More
Not sure why it is such an issue really? I mean it is not like other services that use servers tell me where they are routing anything. I would be more worried that there is basically no information about the company that runs the project.
25th January 2020, 11:28 AM |#5  
TankedThomas's Avatar
OP Junior Member
Thanks Meter: 12
 
More
Quote:
Originally Posted by wangdaning

Not sure why it is such an issue really? I mean it is not like other services that use servers tell me where they are routing anything. I would be more worried that there is basically no information about the company that runs the project.

Because not every company routes your information through Chinese servers which, in this case, could have a large amount of access to your linked devices. Tencent is not a trustworthy company. This could potentially mean that, if they wanted to, the Chinese government could access a lot of your data through AirDroid.
Now, obviously that's not guaranteed, but I still wouldn't trust it.
Then again, there's a reason I try to stick to FOSS software as much as possible. AirDroid was convenient for a while but I don't use it now.

Besides, your reasoning for this not being "such an issue" is "others are shady too". That... doesn't actually make it any better. Plus we know that companies like Google, for example, mine your data anyway, whereas this seemingly innocuous application that I've seen readily recommended by many people is a lot more obfuscated (probably because it's a smaller app).
That, and I haven't found many apps and sites from personal usage that my firewall setup blocks, so this one absolutely stood out like a sore thumb.
I don't want anything to do with Tencent and I know other people feel the same way as me. More importantly, I shared the information to hopefully learn more and, more importantly, let other people know in case they care.
The Following User Says Thank You to TankedThomas For This Useful Post: [ View ] Gift TankedThomas Ad-Free
27th January 2020, 09:50 AM |#6  
Senior Member
Flag Wuxi
Thanks Meter: 561
 
More
Quote:
Originally Posted by TankedThomas

Because not every company routes your information through Chinese servers which, in this case, could have a large amount of access to your linked devices. Tencent is not a trustworthy company. This could potentially mean that, if they wanted to, the Chinese government could access a lot of your data through AirDroid.
Now, obviously that's not guaranteed, but I still wouldn't trust it.
Then again, there's a reason I try to stick to FOSS software as much as possible. AirDroid was convenient for a while but I don't use it now.

Besides, your reasoning for this not being "such an issue" is "others are shady too". That... doesn't actually make it any better. Plus we know that companies like Google, for example, mine your data anyway, whereas this seemingly innocuous application that I've seen readily recommended by many people is a lot more obfuscated (probably because it's a smaller app).
That, and I haven't found many apps and sites from personal usage that my firewall setup blocks, so this one absolutely stood out like a sore thumb.
I don't want anything to do with Tencent and I know other people feel the same way as me. More importantly, I shared the information to hopefully learn more and, more importantly, let other people know in case they care.

I would like to know what exactly makes tencent untrustworthy. I use them for banking daily, so would like to be informed.
27th January 2020, 10:03 AM |#7  
TankedThomas's Avatar
OP Junior Member
Thanks Meter: 12
 
More
Quote:
Originally Posted by wangdaning

I would like to know what exactly makes tencent untrustworthy. I use them for banking daily, so would like to be informed.

The fact that they give your data to the Chinese government should be all you need to know to deem them untrustworthy - Tencent and similar companies collect a lot of your data (often illegally).
If you don't believe me, look it up - most of (if not all, though that has yet to be conclusively proven, but it's not much of a stretch) the tech giants in mainland China are in the pocket of the Chinese government.
Frankly, I value my privacy too much to deal with such a company, and using them for banking sounds like a bad idea to me.

Here are some sources that I pulled up quickly, but there's plenty more of these around the web:
https://www.wsj.com/articles/chinas-...ing-1512056284
https://www.scmp.com/tech/article/21...-messaging-app
https://fossbytes.com/xiaomi-and-ten...lection-china/
https://freedomhouse.org/blog/worrie...r-look-tencent

The best they get is a slap on the wrist (and sometimes only for the sake of publicity), then they continue on with these practices.
And that's to say nothing of the censorship in which they engage.
The Following User Says Thank You to TankedThomas For This Useful Post: [ View ] Gift TankedThomas Ad-Free
27th January 2020, 11:39 AM |#8  
Senior Member
Flag Wuxi
Thanks Meter: 561
 
More
Quote:
Originally Posted by TankedThomas

The fact that they give your data to the Chinese government should be all you need to know to deem them untrustworthy - Tencent and similar companies collect a lot of your data (often illegally).
If you don't believe me, look it up - most of (if not all, though that has yet to be conclusively proven, but it's not much of a stretch) the tech giants in mainland China are in the pocket of the Chinese government.
Frankly, I value my privacy too much to deal with such a company, and using them for banking sounds like a bad idea to me.

Here are some sources that I pulled up quickly, but there's plenty more of these around the web:
https://www.wsj.com/articles/chinas-...ing-1512056284
https://www.scmp.com/tech/article/21...-messaging-app
https://fossbytes.com/xiaomi-and-ten...lection-china/
https://freedomhouse.org/blog/worrie...r-look-tencent

The best they get is a slap on the wrist (and sometimes only for the sake of publicity), then they continue on with these practices.
And that's to say nothing of the censorship in which they engage.

If privacy was your main concern you would never use an app that routes your data through a third party without encryption. It is clear your goal is to take a shot at a company that is not even in control of the app you are complaining about. Lets see, your news list says, Xiaomi, Huawei, Tencent, and Chinese. How interesting.

By all means protect your privacy. I know I do and I use all three companies and many more products from the country. I hate that tencent knows when I get a latte though
27th January 2020, 12:51 PM |#9  
TankedThomas's Avatar
OP Junior Member
Thanks Meter: 12
 
More
Quote:
Originally Posted by wangdaning

If privacy was your main concern you would never use an app that routes your data through a third party without encryption. It is clear your goal is to take a shot at a company that is not even in control of the app you are complaining about. Lets see, your news list says, Xiaomi, Huawei, Tencent, and Chinese. How interesting.

By all means protect your privacy. I know I do and I use all three companies and many more products from the country. I hate that tencent knows when I get a latte though

It is clear your goal is to defend a bunch of Chinese companies known for handing data over to the Chinese government.

The fact that you are purposely trying to portray me in a specific way to fit your narrow-minded view instead of being concerned about how and where data goes (and for the record, I care about where my data goes in general, but most people around here are already well aware of where data for companies like Google and Apple goes, but not for an app like this) is frankly ridiculous.

If you don't care about this (which you clearly do not), then kindly leave this thread and don't return. I posted this thread to let people who despise Tencent and their business practices know about AirDroid's involvement, and to see if anyone had more information. I did NOT post this thread for you to come along and defend Tencent's honour. Enough garbage companies already do that, and they've added as much to the discussion of privacy as you have (i.e. absolutely nothing of value).
The Following 2 Users Say Thank You to TankedThomas For This Useful Post: [ View ] Gift TankedThomas Ad-Free
12th March 2020, 01:47 AM |#10  
doggydog2's Avatar
Senior Member
Thanks Meter: 205
 
More
Great concerns, for sure. Thanks for your input.
I tried the app, quickly isolating it from the WAN, and running with Xprivacy of course. Luckily, HTTPS local connection only is possible. I wouldn't sign up in this type of app and i wouldnt use the barcode reader to connect to WAN. Rendered LAN web app contacts chinese servers on the PC, but reviewing content it looked fine in a quick check.
The app seems chinese, it's giving me one notification bar in chinese, and rest of translations are chinglish. I don't say it's neccessarily wrong, i just want to know if this is an open source app to trust it. Otherwise, i will keep running it in strict LAN mode.

Now about the functionality, I like Synology/Windows like UI. So cool!
Contacts/Call log/messages/ringtones/apps work.
Mirroring and Camera worked once. There's some strange checkbox "Don't show again" to click on (?) in Mirroring settings which doesn't work. Update: Camera worked again once switching back to HTTP.
Files/Music/Pictures/Videos don't work at all, even the android app cannot see files. No clue why.
Notifications are shown again on HTTP, however they're not displayed by the browser AND they simply disappear later. No actions also. So unless you 're currently in the tab, you won't notice anything.

I struggle to find a use case for this.
* Mirroring isn't interactive - so together with Camera it's a very infrequent function to use. I'd rather have an interactive mirroring like MobilEdit (if i remember correctly), what a great app it was. Or a Dex type of desktop where you can really interact with the android.
* Messages is showing "SMS", which is something obsolete for me, using alt messenger with secure repository (not the standard unsafe android one). SMS and calls are dead to me long time ago, but i'd have been happy about possibility to reply a decade ago, definitely!
* The last resort is notifications, that'd save some time if implemented well, with history. But it's not.
* One more thing on my mind is ability to send APK to phone, ok.. but it's again a rare task, i wouldn't run this background service for this purpose if i can send the APK via bluetooth...
The Following User Says Thank You to doggydog2 For This Useful Post: [ View ] Gift doggydog2 Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes