You may have seen the various articles on information leaking from Samsung phones (and tablets) to a Chinese company (Qihoo, 360 SafeGuard - allegedly involved in underhand activities according to news/Wikipedia).
The issue being that when the disk cleanup util built-in to the phone (cannot be removed, it is in device care under settings) checks-in every 2 weeks (or by manually kicking it off), it connects to these sites:
It does do a POST to one of them, not sure what is in it (yet).
I obtained one of the phones and this is indeed all true. In addition, when the Samsung browser launches it connects to yandex[.]com and yandex[.]st, the Russian search engine. I observed this using Burp Suite and changing the proxy settings on the phone, for those who are new to this stuff.
This of course may all be innocent and just a check-in.
Orgs: If you have a VPN running and traffic from phones pinned back to your organisation's internet, or those devices connect on your wi-fi, you will see connections to the above domains. You could block these domains, but that will only work when phones are connected to your network. Local blocking is a bit more involved, no nice solution for that that I know of, maybe others do.
Personal users: ...
Samsung have a statement, mentioned in here: https://www.theverge.com/2020/1/8/21056629/samsung-galaxy-china-device-care-scanner-qihoo-360-privac.... This states it is just basic info to help tidy up the local storage.
Be interested to know if anyone else is seeing this and maybe has observed what is actually going outbound. Ultimately will be up to you to decide if this is innocent data going out and that that will always be the case.
Adam
@4d4m wrote: You may have seen the various articles on information leaking from Samsung phones (and tablets) to a Chinese company (Qihoo, 360 SafeGuard - allegedly involved in underhand activities according to news/Wikipedia).
...
Be interested to know if anyone else is seeing this and maybe has observed what is actually going outbound. Ultimately will be up to you to decide if this is innocent data going out and that that will always be the case.
Adam
Adam,
If you think the phones are dicey, I suggest looking into how their smart TV sets work. Just sayin'.
Craig
Suspicious as ever.