As a learning exercise, I’ve created a simple list app. When I was testing this app by serving it to my browser, I noticed that my Privacy Badger plug-in was displaying warnings. That shouldn’t happen because this is just a basic list app, which should not rely on any external data sources.
I fired up Wireshark (a packet sniffer) and saw that Ionic was making calls to 5 different external IP addresses. I’m sure there’s an explanation for this, but I’d like to know what it is.
Is there any documentation about what external resources Ionic might be making calls to by default?
Care to post those calls?
Okay, did it again, and decided to be more scientific this time.
Differences from last time:
I created a blank project and made no modifications to it, except to change one word of the Homepage HTML and save it, which would trigger a browser reload.
For a browser, I used Chromium with zero plugins instead of Firefox with one plugin.
Results of two reloads:
According to the Network tab in Chromium Dev Tools, each reload causes a call to be made to “www.google-analytics.com”
Wireshark still sees more external IP calls than that. This may be Chromium making the calls rather than Ionic, but here are the addresses:
126.96.36.199 = Google
188.8.131.52 = Google
184.108.40.206 = Google
220.127.116.11 = Google
18.104.22.168 = Google
22.214.171.124 = Google
So all those IPs are owned by Google. That still doesn’t explain why a blank app is making any calls to google analytics at all. I’d like to know how to shut that off.
How do you know that isn’t calls made by Chromium? Are the same calls made when using Firefox or Safari?
yeah good point, but then the next question would be… why is chrome doing that
Firefox made even more calls. I attribute that to a Firefox plug-in I have installed, which is what originally alerted me to the “google-analytics” calls.
In Chromium (not Chrome), the Dev Tools network tab shows a call made to “www.google-analytics.com” whenever Ionic server reloads my app to the browser. Wireshark shows more than just that one call being made.
So I suppose one call could be from Ionic, and two calls could be from Chromium. That still doesn’t explain why Google-Analytics needs to know I’ve just opened up my shopping list app in my browser, or how to block those calls.
I’ve got the TCP dump. I wonder if I can paste it into this forum…
Nope. Just tried.