After the discussion in the following post I dug a bit deeper the rabbit hole.
While I mostly relied on Exodus to see if an app has trackers in it… I was baffle to see all the sketchy requests it made while dumping the DNS requests with PCAPdroid…
Over 200 shady requests in a few seconds after login… here’s a preview:
While I don’t use AdguardVPN, I have Adguard Home as my DNS server in my homelab… I think It’s time to switch to pi-hole !
Edit: VPN pcapdroid
This dump is only from AdguardVPN app. This traffic is not my routed traffic to the VPN.
As you can see on the second screen my vpn is connected to PCAPdroid.
And 800 requests in less than a minutes on a rooted/debloated android?
I have seen a lot of keep alive/cdn packets and fallback dns… and I know how a VPN and routing works. I have setup my whole homelab with selfhosted wireguard/dns/router… I have seen a lot of request on my Adguardhome and played arround with wireshark to see the whole network traffic.
Sure on a whole network there is a lot of traffic, but this amount of request for a single app? There’s something fishy !
Edit: Try it for yourself and post some screenshots.