Need disassembly gurus: a privacy/security issue with one of Mi A1 apps, Spock

[billysam]

More about xiaomi analytics can be found here.

http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/

Attached screenshot for the domain it tries to connect.

Thats where it upload the logs in gzip format and I found this link ( https :// tracking.intl.miui.com /track /spock )from the source file provided here. It's their official address, not selling to google at least.

The blog you referred is based on old findings, they have secured their servers and if they leak or steal any data, it will only damage their own brand reputation, something no big company would try to do, but every company tracks their devices, so yes imei, mac id, sim network, region, location, wifi, and other app logs will be stored in their database. Nothing unusual finding there. If you all suspect other app you can post about it.

 

[pooniaprashant]

Thats where it upload the logs in gzip format and I found this link ( https :// tracking.intl.miui.com /track /spock )from the source file provided here. It's their official address, not selling to google at least.

The blog you referred is based on old findings, they have secured their servers and if they leak or steal any data, it will only damage their own brand reputation, something no big company would try to do, but every company tracks their devices, so yes imei, mac id, sim network, region, location, wifi, and other app logs will be stored in their database. Nothing unusual finding there. If you all suspect other app you can post about it.

is it safe to remove?

 

[ibooth2004]

is it safe to remove?

It's fine to remove, I've disabled all Mi Apps with ADB and without root, meaning I get OTAs working just fine. If I were you I would disable all Mi Apps just to be safe around data collection, the apps are: PAI, Feedback and Spock.

 

[prokaryotic cell]

More about xiaomi analytics can be found here.

http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/

Attached screenshot for the domain it tries to connect.

What app is this (from the screenshot)?

 

[barrack1]

What app is this (from the screenshot)?

Its in the article that was linked.

 

[prokaryotic cell]

Its in the article that was linked.

Welp, read the whole article and there was no mention of the app used. I meant the app that logs network access from another apps in your screenshot, not the Xiaomi app being analyzed.

 

[barrack1]

Welp, read the whole article and there was no mention of the app used. I meant the app that logs network access from another apps in your screenshot, not the Xiaomi app being analyzed.

Its probably just a network sniffer app similar to wireshark on pc's. I used a free one which used the VPN method that doesn't require root but I couldn't find it anymore on playstore, but it looks like there are others.

 

[thorin0815]

What app is this (from the screenshot)?

Should be Netguard, a no root firewall.

https://play.google.com/store/apps/details?id=eu.faircode.netguard&hl=de

 

[jaboneros]

I recommend you use blokada (check it out at https://blokada.org) ; a lot of traffic safely blocked on my Redmi phone by that app

 

[thorin0815]

After upgrading to Pie on my A2 Lite I noticed a new app named "diaglogger" running in the background. Package name is "com.huaqin.diaglogger".
Do you have it too with the A1 Pie? Anyone knows what it's for? Google said "Huaqin" is some kind of a chinese telecom company.