Monday 30 December 2013

Security update: Online with Sailfish, Android browsers and apps

Just a few common Android Browsers. Famous Firefox missing

Google DNS usage located on Jolla

It's been found out that Myriad Alien Dalvik, service on which all Android applications run on Jolla, sets Jolla to use Google's DNS server 8.8.8.8 in Android environment. This DNS is in use for all Android applications connecting to the internet, including Browsers, SoMe Apps (fb, twitter, whatsapp etc...) and any other applications. This means that every URL you send via an Android app is first sent to Google. This doesn't happen only on Alien Dalvik - It's normal in all Android environments. Android is Google's property.

A lot of Jolla users have installed Android support (myself included) without knowing this - but here we have another great example of the OpenSource ideology: This was discovered, and now the info is spreading fast through the community.

Those who don't want to send their every "net step" via Google have exactly two options: Use Sailfish Browser (in a network not using Google's DNS) or hack the Alien Dalvik (to use a different DNS, in a network likewise). Personally I'm using a lot of Google's services, knowing that they are profiling me all the time to show me the most attractive commercials. The world is full of people like me - 81% of all the smartphones in the world are Androids. Among Jolla owners, however, the percentage might be a lot smaller. Some people care. Knowledge is Power, and we can only hope for Google to use their huge "property" wisely.

DNS - Short basics

DNS server is always the first place connected when enterin the net. It offers the directions to the required content. A simple example:
  • You enter http://together.jolla.com into your browser
  • that text is sent to the DNS server, normally one defined by your network provided
  • DNS server returns a numeric address where the named site locates (54.194.54.215, Ireland)
  • Your phone builds a connection to that server (via several servers on the way)
  • Content is transferred to your phone

Sailfish Browser

The biggest reason for people using Android browsers on their Jolla is that Sailfish browser looks like an alpha version so far. It has 5 virtual buttons (back/forward/refresh/favourite/tabs) and 3 more pulley menu items behind tabs (new tab, close all tabs, share). Sharing opens a simple link share with adding your own writing - nothing more. The browser also include a few bugs, crashing sometimes with no explanations. However, there's someting good: Gecko based user agent is modern, and scores very well in for example html5 test (You can try by opening html5test.com with your Jolla browser)

Updates wanted and expected

Users have been patient while waiting for new features to be released, but this finding in Alien Dalvik could cause some wishes for faster browser app updates - remains to be seen. New features are promised during Q1/2014, but nobody knows what they are. Other important updates are 4G/LTE support, NFC bug fix (should be available in couple of weeks) and Store related bugs (downloading / connection problems), just to name a few. So far, Jolla has released two larger updates (1st for bug fixes, 2nd for some features and more bugfixes) with unexpected speed. Jolla has managed to keep their community quite happy, considering the amount of things needed to be done. Most whining has been seen in Jolla's policy in informing their customers and a slow care response in common.

3 comments:

  1. Information in this article is wrong, URL is never sent to DNS servers, neither DNS is used to follow 'your every step'. if you type http://server/location only 'server' part is sent and only once, because DNS requests are typically cached. Don't scarify poor users.

    ReplyDelete
    Replies
    1. Please don't offer our readers false feeling of security. From Google: Google Public DNS complies with Google's main privacy policy, which you can view at our Privacy Center. With Google Public DNS, we collect IP address (only temporarily) and ISP and location information (in permanent logs).

      Full list of permanently logged data, according to Google, can be found here:

      According to the privacy policy, information saved into Google's permanent logs can also be shared to 3rd parties, if you have accepted Google's terms (prompted and accepted by user e.g. when starting to use Google Apps some other Google services). For example, the location information of users requesting certain company url might be very useful to the company. Additionally, Google's public DNS is propiertary code (closed source).

      Delete
    2. by 'every step' used in my article, I point to the location data.

      Delete