Hi
I may be wrong, but can someone help me interpret the results of this analysis correctly?
See the Network Related section: Why does Simplex.apk have a hardcoded communication with
An app that is advertised as the most privacy-friendly?
All other indicators can (probably) be considered false positives (for example, the Camera permission, which is needed for video calls)
These URIs are the references to technical documentation in Google Android site - they are used in error messages by various libraries.
The presence of the URI in code does not mean that the app communicates with this URI.
On the opposite, the absence of the URI in code does not prove that the app does not communicate with any given URI - the URIs can be obfuscated in many ways.
So this scanning technique to discover potential attacks is completely inefficient, and it creates unnecessary work of removing URIs from code, but achieves absolutely nothing to prevent the actual network connection - any malicious app can hide them and make them invisible to the scanning.
Another example would be simplex.chat domain. While the app contains it in code, the app never communicates with this domain, and it is only used to namespace the links and to allow showing QR code for people who don’t have the app.
You cannot establish what URIs any given app communicates with by scanning its code - you need to proxy all traffic and monitor all connections that the app makes.
Thanks Evgeny for your explanation and time (I’m sure we all appreciate it). But you didn’t say directly and specifically - does the app make these connections to Google servers?