Privacy Browser Android

To help troubleshoot the problem and diagnose the root cause, please post the following information.

1. A copy of About > Version from Privacy Browser.
2. A description of the firewall you are using that detected the attempted communication. Logs or screenshots from the firewall would be helpful.
3. A list of all the URLs open in Privacy Browser when this occurred. The most likely explanation is that one of the pages you were visiting attempted to make resources requests to stun.l.google.com and play.google.com, so that needs to be ruled out. For example, if one of the pages you visited displayed an ad for an app on Google Play it would not surprise me if communication attempts were made to these domains.

1. A copy of About > Version from Privacy Browser:

- See below:

Privacy Browser
Version 3.8.1 (version code 56)

Hardware
Brand: samsung
Manufacturer: samsung
Model: SM-G980F
Device: x1s
Bootloader: G980FXXUCZUK1
Radio: G980FXXUCZUK1,G980FXXUCZUK1

Software
Android: 12 (API 31)
Security Patch: 2021-11-01
Build: SP1A.210812.016.G980FXXUCZUK1
WebView Provider: com.google.android.webview
WebView Version: 93.0.4577.82
Orbot: 16.4.0-RC-2a-tor-0.4.4.6

Memory Usage
App Consumed Memory: 14.05 MiB
App Available Memory: 6.05 MiB
App Total Memory: 20.10 MiB
App Maximum Memory: 256.00 MiB
System Consumed Memory: 4,402.20 MiB
System Available Memory: 3,042.43 MiB
System Total Memory: 7,444.63 MiB

Blocklists
EasyList: 202106261237
EasyPrivacy: 202106261237
Fanboy’s Annoyance List: 202106262100
Fanboy’s Social Blocking List: 202106261237
UltraList: 1
UltraPrivacy: 2

Package Signature
Issuer DN: CN=FDroid, OU=FDroid, O=fdroid.org, L=ORG, ST=ORG, C=UK
Subject DN: CN=FDroid, OU=FDroid, O=fdroid.org, L=ORG, ST=ORG, C=UK
Start Date: 17 Apr 2016 04:14:13 GMT-04:00
End Date: 3 Sept 2043 03:14:13 GMT-05:00
Certificate Version: 3
Serial Number: 166629308
Signature Algorithm: SHA256withRSA

2. A description of the firewall you are using that detected the attempted communication. Logs or screenshots from the firewall would be helpful.

- Netguard 2.9.8 Pro proxied to SOCKS5 Orbot.
Screenshots attached

3. A list of all the URLs open in Privacy Browser when this occurred. The most likely explanation is that one of the pages you were visiting attempted to make resources requests to stun.l.google.com and play.google.com, so that needs to be ruled out. For example, if one of the pages you visited displayed an ad for an app on Google Play it would not surprise me if communication attempts were made to these domains.

- Not sure how to aquire the list of URLs for that time frame, let me know how pls.

Even without me interacting with that ad?

On screenshots you can see some system apps trying to access the domains in question too. Is it possible that system apps trigger PB to access google's destination?

Also i saved PB log from then if it helps, but i cannot locate it. Where is the saved log being stored?

Reviewing the screenshots, Screenshot_20211205-141956_NetGuard.jpg stands out to me because the calls to stun.l.google.com comes after a dns lookup to one.one.one.one, which comes after a DNS lookup to dns9.quad9.net, which comes after a call to ipleak.net. stun.l.google.com can be used for lots of different things (https://en.wikipedia.org/wiki/STUN), but one of them can be to attempt to reveal your true IP address. As ipleak.net runs tests to see if websites can leak your real IP address, it wouldn't surprise me that they are using stun.l.google.com as part of those tests.

I don't know if that is what is going on here, but it is one possibility.

In screenshot below are setting dor DNS in Netguard.

Regarding ipleaks.net I do use it from time to time when changing some settings. But in this case ipleaks was reached out 30 min later, and actually i went to ipleaks.net after i saw those stun.l.google.com queries in the log.

The webview is my main concern in this case too. This version came with the undate to A12 oneui 4 beta 1. I know there is a 96x version out, just thought since most recent os update came with 93x it should be ok. I will update tbe webview and keep monitoring following your instructions.

While using PB for months on g950f on A9 Pie i have never experience such events.

I am going to close this bug report as there have been no further updates from the submitter. If anyone has further information to add please do so and I will reopen the bug report.