Cordova iOS app contacting firebaselogging-pa.googleapis.com for no reason

bratelefant · January 18, 2023, 4:37pm

Hi all,

I’m currently trying to figure out, why my meteor cordova app (client) is obviously trying to contact the url mentioned above. I suspect, that this request is related to usage of @paulishca 's meteor-push package and the included firebase packages and/or the cordova push plugin. I have no other tracking or push functionality installed.

Since all I need from firebase is push functionality, I’d really like to make sure that I prevent unnecessary connections to firebaselogging-pa.googleapis.com (in older versions I can also find connections to app-measurement.com).

If someone’s got a hint I’d really appreciate that.

paulishca · January 18, 2023, 4:45pm

github.com

activitree/meteor-push/blob/master/package.js

/* globals Package, Npm, Cordova */
Package.describe({
  name: 'activitree:push',
  version: '2.0.11',
  summary: 'Push Notifications for Cordova and Web/PWA with Firebase (FCM).',
  git: 'https://github.com/activitree/meteor-push.git'
})

Npm.depends({
  'firebase-admin': '9.12.0',
  firebase: '9.1.2',
  events: '3.3.0'
})

Cordova.depends({
  'phonegap-plugin-push': '2.3.0',
  'cordova-plugin-device': '2.0.3'
})

Package.onUse(api => {

This file has been truncated. show original

The package.js on a package shows clearly what Cordova packages are in use.

bratelefant · January 18, 2023, 4:54pm

That’s true. Do you have an idea which of those could possibly be sending the mentioned requests? And can you agree that those requests should not be necessary for push functionality?

paulishca · January 18, 2023, 5:01pm

There is no intention in this package to send anything to Google other than push messages.
Cordova is … a lot of Javascript. It could be that firebase (for client) does that, but I don’t thing so).

There is also a possibility that the client uses google service at the “HTML level” such as google analytics (e.g. react-ga)

There is also a possibility that the client loads google products such as maps, youtube etc … which yes, would do calls to analytics.

bratelefant · January 18, 2023, 6:52pm

I’m convinced that there is no intention of the package to send stuff to google (other than push). Neither do I intend to do so. However, using a MITM proxy, there’s clearly traffic coming from the app.

I have no dependencies related to google services, analytics or any other stuff that might be google-related.

If anyone has some experience with this I’d be really grateful. Generally speaking, I really like the feeling of having control over what my project is doing, even if I depend on other packages.

Edit: I’m really not an expert on all the details for the push mechanism, but is it correct, that there is technically no need for the client to contact fcm-server / google in order to generate a push token (which is then stored on my prod server)?

paulishca · January 18, 2023, 7:23pm

The FCM server is the token provider for the client.

Example for the web (client)

import { initializeApp } from 'firebase/app'
import { getMessaging, getToken, onMessage, deleteToken, isSupported } from 'firebase/messaging'


const webApp = initializeApp(configuration.firebase)
 this.messaging = getMessaging(webApp)

getToken(this.messaging, { vapidKey: configuration.publicVapidKey }).then(token => {
  this.log('Calling subscribe')
  if (token) {
    WebPushEventState.emit('token', token)
    doTabsRefresh()
    cb()
  } else {
    // deviceStorage.setItem('lastSubscriptionMessage', 'No Instance ID token available. Request permission to generate one.')
  }
}).catch(err => {
  this.log('Error on subscription: ', err)
  this.log('WebPush error when asking for permission', interpretError(err))
  deviceStorage.setItem('lastSubscriptionMessage', interpretError(err))
})

configuration.publicVapidKey and configuration.firebase have the identity of your project so that Google knows for which project a device receives a token for (since 1 device can receive 100 tokens from FCM for 100 different apps)

The same applies for Cordova:

 this.push = PushNotification.init(configuration) // PushNotification is a global vad coming from cordova-push package.

this.push.on('registration', data => { //... you get data.registrationId as token })

Client needs to contact FCM and needs to do it pretty often in case a token has been refreshed by FCM (tokens are not forever … like diamonds )

bratelefant · January 18, 2023, 7:27pm

Ok, that sounds 100% plausible. However, the urls (“firebaselogging-pa…” and “app-measurement…”), just from their names, don’t directly relate to push services.
Are these the official fcm urls to contact for a client to get its token? (aka diamond )

paulishca · January 18, 2023, 7:41pm

They usually look like https://fcm.googleapis.com/fcm/…

Maybe you can run the project in web and/or debug with Chrome where you have the Network tab and see who initiates the call to what you are interested.

bratelefant · January 19, 2023, 7:46am

Ok, I guess I found the line where the firebaselogging-pa is located. It is part of the GoogleDataTransport pod, which shows up in my build meteor project. Namely, the url is a shuffled a bit, so it can’t be directly found. Here’s the code from GTDCOREndpoints.m:

#import "GoogleDataTransport/GDTCORLibrary/Public/GoogleDataTransport/GDTCOREndpoints.h"

static NSString *const kINTServerURL =
    @"https://dummyapiverylong-dummy.dummy.com/dummy/api/very/long";

@implementation GDTCOREndpoints

+ (NSDictionary<NSNumber *, NSURL *> *)uploadURLs {
  // These strings should be interleaved to construct the real URL. This is just to (hopefully)
  // fool github URL scanning bots.
  static NSURL *CCTServerURL;
  static dispatch_once_t CCTOnceToken;
  dispatch_once(&CCTOnceToken, ^{
    const char *p1 = "hts/frbslgiggolai.o/0clgbth";
    const char *p2 = "tp:/ieaeogn.ogepscmvc/o/ac";
    const char URL[54] = {p1[0],  p2[0],  p1[1],  p2[1],  p1[2],  p2[2],  p1[3],  p2[3],  p1[4],
                          p2[4],  p1[5],  p2[5],  p1[6],  p2[6],  p1[7],  p2[7],  p1[8],  p2[8],
                          p1[9],  p2[9],  p1[10], p2[10], p1[11], p2[11], p1[12], p2[12], p1[13],
                          p2[13], p1[14], p2[14], p1[15], p2[15], p1[16], p2[16], p1[17], p2[17],
                          p1[18], p2[18], p1[19], p2[19], p1[20], p2[20], p1[21], p2[21], p1[22],
                          p2[22], p1[23], p2[23], p1[24], p2[24], p1[25], p2[25], p1[26], '\0'};
    CCTServerURL = [NSURL URLWithString:[NSString stringWithUTF8String:URL]];
  });

  static NSURL *FLLServerURL;
  static dispatch_once_t FLLOnceToken;
  dispatch_once(&FLLOnceToken, ^{
    const char *p1 = "hts/frbslgigp.ogepscmv/ieo/eaybtho";
    const char *p2 = "tp:/ieaeogn-agolai.o/1frlglgc/aclg";
    onst char URL[69] = {p1[0],  p2[0],  p1[1],  p2[1],  p1[2],  p2[2],  p1[3],  p2[3],  p1[4],
                          p2[4],  p1[5],  p2[5],  p1[6],  p2[6],  p1[7],  p2[7],  p1[8],  p2[8],
                          p1[9],  p2[9],  p1[10], p2[10], p1[11], p2[11], p1[12], p2[12], p1[13],
                          p2[13], p1[14], p2[14], p1[15], p2[15], p1[16], p2[16], p1[17], p2[17],
                          p1[18], p2[18], p1[19], p2[19], p1[20], p2[20], p1[21], p2[21], p1[22],
                          p2[22], p1[23], p2[23], p1[24], p2[24], p1[25], p2[25], p1[26], p2[26],
                          p1[27], p2[27], p1[28], p2[28], p1[29], p2[29], p1[30], p2[30], p1[31],
                          p2[31], p1[32], p2[32], p1[33], p2[33], '\0'};
    FLLServerURL = [NSURL URLWithString:[NSString stringWithUTF8String:URL]];
  });

The original source is GoogleDataTransport/GDTCOREndpoints.m at main · google/GoogleDataTransport · GitHub

@paulishca I’m currently using a fork of your repo, relying on havesource/corodva-plugin-push with dependencies like below. Those GoogleTransport / Firebase pods come from that plugin right?


Npm.depends({
  "firebase-admin": "11.4.1",
  firebase: "9.1.0",
  events: "3.3.0",
});

Cordova.depends({
  "@havesource/cordova-plugin-push":
    "https://github.com/havesource/cordova-plugin-push.git#c3fb5b894afe17a05e21be135961f5831bafb1e0",
  "cordova-plugin-device": "2.0.3",
});

paulishca · January 19, 2023, 10:16am

github.com/nextcloud/ios

firebaselogging-pa.googleapis.com continuously contacted with crash reporter disabled

opened 03:32AM - 23 Jun 21 UTC

closed 10:30AM - 24 May 22 UTC

vszakats

### Steps to reproduce 1. Settings → Advanced → Disable crash reporter → Enab…le (= _disable_ crash reporter) 2. Re-launch Nextcloud iOS app 3. Watch DNS queries initiated by the device and see `firebaselogging-pa.googleapis.com` being queried on startup and while using the app. ### Expected behaviour When crash reporting is disabled, the app should not make request to the related Google service. ### Actual behaviour App looks up the DNS entry `firebaselogging-pa.googleapis.com` on startup and then continues doing so while using it. ### Reasoning or why should it be changed/implemented? Nextcloud users can rightfully expect/prefer that Google data collection services are not being contacted with crash reporting explicitly disabled. ### Environment data **Nextcloud iOS app version:** 4.0.1.1 **iOS version:** 14.6 Maybe related: https://github.com/firebase/firebase-ios-sdk/issues/8220 https://github.com/firebase/firebase-ios-sdk/issues/5837

bratelefant · January 19, 2023, 11:22am

I also came across this discussion, but the the suggested solution (set FirebaseDataCollectionDefaultEnabled to false) does not prevent the client from contacting firebaselogging-pa

github.com/firebase/firebase-ios-sdk

Logging requests are made despite setting FirebaseDataCollectionDefaultEnabled to NO

opened 06:25PM - 09 Jun 21 UTC

closed 04:40PM - 10 Jun 21 UTC

swrobel

api: core

### Step 0: Are you in the right place? * For issues or feature requests related to __the code in this repository__ file a Github issue. * If this is a __feature request__ please use the Feature Request template. * For general technical questions, post a question on [StackOverflow](http://stackoverflow.com/) with the `firebase` tag. * For general (non-iOS) Firebase discussion, use the [firebase-talk](https://groups.google.com/forum/#!forum/firebase-talk) google group. * For backend issues, console issues, and other non-SDK help that does not fall under one of the above categories, reach out to [Firebase Support](https://firebase.google.com/support/). * Once you've read this section and determined that your issue is appropriate for this repository, please delete this section. ### [REQUIRED] Step 1: Describe your environment * Xcode version: 12.5 * Firebase SDK version: 8.1 or 8.0? Not really sure. Pod versions below. * Installation method: CocoaPods * Firebase Component: Core/Messaging * React Native: 0.64.2 * NPM packages: * @react-native-firebase/messaging: 12.0.0 * @react-native-firebase/app: 12.0.0 * Pods: * Firebase/CoreOnly (8.0.0) * Firebase/Messaging (8.0.0) * FirebaseCore (8.0.0) * FirebaseCoreDiagnostics (8.1.0) * FirebaseInstallations (8.1.0) * FirebaseMessaging (8.0.0) I previously reported on [this issue](https://github.com/firebase/firebase-ios-sdk/issues/5837) that turned out to be unrelated and opened a new issue [as recommended](https://github.com/firebase/firebase-ios-sdk/issues/5837#issuecomment-857869225) Network logs from Flipper: <img width="1617" alt="Screen Shot 2021-06-08 at 2 07 42 PM" src="https://user-images.githubusercontent.com/157270/121407672-6b338700-c914-11eb-85be-6d41680214fe.png"> ### [REQUIRED] Step 2: Describe the problem #### Steps to reproduce: 1. Run app using XCode on a real device 2. Log network requests using a tool like [Flipper](https://fbflipper.com/) 3. Note log requests roughly ever 30 seconds #### Relevant Code: **AppDelegate.m** ```objc #import <Firebase.h> - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { if ([FIRApp defaultApp] == nil) { [self configureFirebase]; } } - (void)configureFirebase { NSString *filePath; if ([self isRelease]) { NSLog(@"[FIREBASE] Release mode."); filePath = [[NSBundle mainBundle] pathForResource:@"GoogleService-Info-Release" ofType:@"plist"]; } else if ([self isInternal]) { NSLog(@"[FIREBASE] Internal mode."); filePath = [[NSBundle mainBundle] pathForResource:@"GoogleService-Info-Internal" ofType:@"plist"]; } else { NSLog(@"[FIREBASE] Debug mode."); filePath = [[NSBundle mainBundle] pathForResource:@"GoogleService-Info-Debug" ofType:@"plist"]; } FIROptions *options = [[FIROptions alloc] initWithContentsOfFile:filePath]; [FIRApp configureWithOptions:options]; } ``` **Info.plist** ```xml <key>FirebaseDataCollectionDefaultEnabled</key> <string>NO</string> ``` Network request behavior is unchanged after adding this key to Info.plist. I have tried adding the same key to GoogleService-Info-Debug.plist and the behavior is also unchanged. ### Solution: It turns out the correct plist key is: ```xml <key>FirebaseDataCollectionDefaultEnabled</key> <false/> ```