After getting the crash issue resolved (it is now fixed), I tested this to see how it behaves by using PCAPdroid. I also attempted to decrypt the traffic, to see what it sends.
This is the traffic analysis:
Type
Port
IP version
Size
Status
DNS
53
IPv4
Random >120 B
Closed (Good)
TLS
443
IPv6
120 B
Unreachable
HTTPS
443
IPv4
Usually 2.4 KB
Error (Did not trust my decryption certificate)
It sends to a random list of hosts, all of which are listed here:
After getting the crash issue resolved (it is now fixed), I tested this to see how it behaves by using PCAPdroid. I also attempted to decrypt the traffic, to see what it sends.
This is the traffic analysis:
It sends to a random list of hosts, all of which are listed here:
https://4chan.org/
https://www.reddit.com/
https://www.yahoo.com/
https://www.cnn.com/
https://pornhub.com/
https://www.ebay.com/
https://wikipedia.org/
https://youtube.com/
https://github.com/
https://medium.com/
https://thepiratebay.org/
After digging through the code, here is the file with a list of hosts. It also seems to randomly generate user agents, which is good.
The developer blocked me from opening issues on all of his projects.
Maybe you need 2FA on your GitHub account before you can do that. GitHub has made it a requirement for almost all the “dev” stuff.