496694 – possible compromised app... see attachment

Bug 496694 - possible compromised app... see attachment

Summary: possible compromised app... see attachment

Status:	REPORTED

Alias:	None

Product:	kdeconnect
Classification:	Applications
Component:	android-application (other bugs)
Version First Reported In:	unspecified
Platform:	Android Android 14.x

Importance:	NOR grave
Target Milestone:	---
Assignee:	Albert Vaca Cintora

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-11-26 05:20 UTC by kde.org
Modified:	2025-01-26 04:39 UTC (History)
CC List:	5 users (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
possible malicious code inject (69.07 KB, image/jpeg) 2024-11-26 05:20 UTC, kde.org	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description kde.org 2024-11-26 05:20:10 UTC

Created attachment 176128 [details]
possible malicious code inject

***
If you're not sure this is actually a bug, instead post about it at https://discuss.kde.org

If you're reporting a crash, attach a backtrace with debug symbols; see https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports

Please remove this comment after reading and before submitting - thanks!
***

SUMMARY


STEPS TO REPRODUCE
1. 
2. 
3. 

Hi,
I'm new to this so please forgive my process ignorance:

The attached are Netguard firewall screenshots of KDE Connect (F-droid) on my Pixel 6Pro.
My concern is the app tries to connect to datamining.nadeko.net and inv.nadeko.net (invidious instance).
 Malicious inject? 
F-droid issue?

Linux [toy] box:
Operating System: Fedora Linux Asahi Remix 40
KDE Plasma Version: 6.2.3
KDE Frameworks Version: 6.8.0
Qt Version: 6.7.2
Kernel Version: 6.11.8-400.asahi.fc40.aarch64+16k (64-bit)
Graphics Platform: Wayland
Processors: 8 × Apple Firestorm (M1 Max), 2 × Apple Icestorm (M1 Max)
Memory: 62.6 GiB of RAM
Graphics Processor: Apple M1 Max
Product Name: Apple MacBook Pro (16-inch, M1 Max, 2021)

Comment 1 2wxsy58236r3 2025-01-26 04:29:22 UTC

I have raised this issue in the nadeko.net Matrix Room and the owner says they will try this since they also use KDE Connect.

CC: Fijxu (nadeko.net's owner)

Comment 2 fijxu 2025-01-26 04:39:20 UTC

Old report but still worth investigating. Why does KDE Connect connects to my site?
I installed NetGuard for testing, filtered and logged the traffic of KDE Connect.

I also installed https://addons.mozilla.org/en-US/firefox/addon/plasma-integration/ to be able to send links from the browser directly to the phone. I sent a link from https://inv.nadeko.net from the browser on the PC to the phone and it opened the browser of the phone with the site as intended, but there is no connections from KDE Connect to external websites. 

Why does it connects to my website in this bug report? I'm missing some feature of KDE Connect that makes it connect to a website? Still, if it connected to `inv.nadeko.net`, it should not connect to `datamining.nadeko.net` at all, unless you connect to `git.nadeko.net` first.