Do you know flurry? It spies you out!

If you hear about “flurry” and think of a sort of ice cream, you are wrong, the opposite might describe it much better.

I recently started again analyzing the traffic that is passed between the Internet and some well-known apps we may use on a daily basis. Unfortunately, such analysis is not possible with my app NetworkToolbox as Apple restricts raw-socket access so I had to use my Linux PC for this.

The situation is still quite scary. Many apps are sending detailed information about your app usage, device and personal information to third party companies. This is not new but seems to get even worse. Yelp for instance uses three services in total such as adjust.io (see www.adjust.com), sb.scorecardsearch.com (see scorecardresearch.com), settings.crashlytics.com (see crashlytics.com) and of course google analytics. Other well-known candidates are graph.facebook.com.

The worst thing I have seen was however flurry.com (see www.flurry.com). Apps using the flurry service connect to data.flurry.com and loads of information regarding my device type, name, several IDs, app usage, settings etc. will be submitted to flurry. Even worse, most apps even don’t even encrypt this information when it’s being sent.

This screwball data collection nightmare even slows down the apps and uses up my bandwidth.

This is ridiculous!

You may think, what can we do against this ?

There is a quite simple solution at least for your home network so when you are connected via WiFi from your device.

The solution is to use the child protection mechanism of your router, if available.

In my favorite AVM Fritz router, I can maintain a blacklist of websites or IP addresses that should not be available from inside my network. This is basically to prevent kids from visiting certain websites. However, this also works perfectly to protect against these evil flurry scammers. Most routers have a similar blacklist available. Sometimes it’s quite hidden and cumbersome to maintain and enable but it’s worth to spent some time in this research.

So just add data.flurry.com (or even flurry.com) to that blacklist and you are fine.

You can also add the following for some of the other scammers:

adjust.com
adjust.io
scorecardsearch.com
crashlytics.com

and you may also want to consider:

graph.facebook.com
google-analytics.com

and if you finally want to get rid of most of the adware even in apps, just add:

googleadservices.com
doubleclick.net
iadsdk.apple.com
admob.com

So once this is done, you will even experience that some of your apps will run faster, as some of those scammers didn’t even invest in fast servers. Flurry has a extreme high latency, at least in Europe and it even takes quite some time to submit all the device information and app usage to flurry.

(By the way, did you name your device something like “Mike’s iPhone”. Don’t do that otherwise they will even know your name).

As always, don’t trust the evil.

Best regards,
Marcus

P.S. if you are interested reading more articles, just head to my website networktoolbox.de/news. The app only shows the last fifteen articles due to traffic reason.